BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Server NETAPI32

Disclosed August 8, 2006    Fully Patched

Vulnerability Description:

A buffer overflow within netapi32.dll allows a remote attacker to execute arbitrary code as SYSTEM on a remote host.

Vendors:

Microsoft

Vulnerable Software/Devices:

Windows 2000
Windows XP
Windows 2003

Vulnerability Severity:

High

Exploit Availability:

N/A

BeyondTrust Prevention and Detection:

BeyondTrust's Blink® Personal Edition protects from this vulnerability.
BeyondTrust's Blink® Professional Edition protects from this vulnerability.
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

Patch:
Microsoft Patch - MS06-040

Mitigation:

Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS06-040. Other mitigation (suggested by Microsoft) included blocking TCP ports 139 and 445, but because this disables remote management of hosts, eEye does not suggest this mitigation technique.

Links:

CVE-2006-3439
First Public PoC Code Disclosure (Metasploit Plugin)

CVE(s):

None

Leave a Reply