{"vuid":"VU#778036","idnumber":"778036","name":"Microsoft Workstation Service fails to properly parse malformed network messages","keywords":["Microsoft","Workstation Service","remote code execution","ms06-nov"],"overview":"A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code.","clean_desc":"Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted network messages. According to Microsoft Security Bulletin MS06-070: On Windows 2000 Service Pack 4 any anonymous user who could deliver a specially crafted message to the affected system could try to exploit this vulnerability. On Windows XP Service Pack 2 the attack could only be successfully performed by a user with Administrator privileges. Please note that exploit code for this vulnerability is publicly available.","impact":"A remote, unauthenticated attacker may be able to execute arbitrary code or cause a denial-of-service condition.","resolution":"Update\nMicrosoft has released an update to address this issue. See Microsoft Security Bulletin MS06-070 for more details.","workarounds":"Workarounds In addition to the patches referred to above, Microsoft Security Bulletin MS06-070 also contains a number of workarounds for this issue. Users, particularly those who are unable to apply the patches are encouraged to implement these workarounds.","sysaffected":"","thanks":"This vulnerability was reported in Microsoft Security Bulletin \nMS06-070\n. Microsoft credits eEye for reporting this issue.","author":"This document was written by Chris Taschner.","public":["http://www.microsoft.com/technet/security/bulletin/ms06-070.mspx","http://research.eeye.com/html/advisories/published/AD20061114.html"],"cveids":["CVE-2006-4691"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-11-14T19:36:12Z","publicdate":"2006-11-14T00:00:00Z","datefirstpublished":"2006-11-15T17:55:09Z","dateupdated":"2006-11-21T17:12:45Z","revision":20,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"8","cam_population":"15","cam_impact":"20","cam_easeofexploitation":"9","cam_attackeraccessrequired":"16","cam_scorecurrent":"18.63","cam_scorecurrentwidelyknown":"22.68","cam_scorecurrentwidelyknownexploited":"38.88","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":18.63,"vulnote":null}