NVD脆弱性詳細

CVE-2006-6696

概要	Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
概要	Vulnerabilidad de liberación de memoria doble en Microsoft Windows 2000, XP, 2003, y Vista, permite a usuarios locales obtener privilegios llamando a la función MessageBox con un mensaje MB_SERVICE_NOTIFICATION con datos manipulados, lo cual envía un mensaje HardError al proceso Subsistema de servidor en ejecución de Cliente/Servidor (CSSRSS), que no es gestionado apropiadamente cuando se invocan las funciones UserHardError y GetHardErrorText en WINSRV.DLL.
公表日	2006年12月22日11:28
登録日	2021年1月29日15:52
最終更新日	2026年4月23日9:35

CVSS2.0 : MEDIUM
スコア	6.9
ベクター	AV:L/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ローカル
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
全ての特権を取得	はい
ユーザー権限を取得	いいえ
その他の権限を取得	いいえ
ユーザー操作が必要	いいえ

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_2000::sp1::::::*
cpe:2.3:o:microsoft:windows_2000::sp2::::::*
cpe:2.3:o:microsoft:windows_2000::sp3::::::*
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:::::::*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_2003_server:sp1::enterprise:::::
cpe:2.3:o:microsoft:windows_2003_server:standard:::::::*
cpe:2.3:o:microsoft:windows_2003_server:standard:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_2003_server:web:::::::*
cpe:2.3:o:microsoft:windows_2003_server:web:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_vista:::december_ctp:::::*
cpe:2.3:o:microsoft:windows_vista::beta::::::*
cpe:2.3:o:microsoft:windows_vista::beta1::::::*
cpe:2.3:o:microsoft:windows_vista::beta2::::::*
cpe:2.3:o:microsoft:windows_xp:::home:::::*
cpe:2.3:o:microsoft:windows_xp:::media_center:::::*
cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
cpe:2.3:o:microsoft:windows_xp::sp1:home:::::
cpe:2.3:o:microsoft:windows_xp::sp1:media_center:::::
cpe:2.3:o:microsoft:windows_xp::sp2:home:::::
cpe:2.3:o:microsoft:windows_xp::sp2:media_center:::::
cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::

関連情報、対策とツール

No	URL	refsource
1	http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx	cve@mitre.org
2	http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff	cve@mitre.org
3	http://isc.sans.org/diary.php?n&storyid=1965	cve@mitre.org
4	http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html	cve@mitre.org
5	http://research.eeye.com/html/alerts/zeroday/20061215.html	cve@mitre.org
6	http://secunia.com/advisories/23448	cve@mitre.org
7	http://securitytracker.com/id?1017433	cve@mitre.org
8	http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html	cve@mitre.org
9	http://www.kuban.ru/forum_new/forum2/files/19124.html	cve@mitre.org
10	http://www.security.nnov.ru/Gnews944.html	cve@mitre.org
11	http://www.security.nnov.ru/files/messagebox.c	cve@mitre.org
12	http://www.securityfocus.com/archive/1/455061/100/0/threaded	cve@mitre.org
13	http://www.securityfocus.com/archive/1/455088/100/0/threaded	cve@mitre.org
14	http://www.securityfocus.com/archive/1/455104/100/0/threaded	cve@mitre.org
15	http://www.securityfocus.com/archive/1/455158/100/0/threaded	cve@mitre.org
16	http://www.securityfocus.com/archive/1/455546/100/0/threaded	cve@mitre.org
17	http://www.securityfocus.com/archive/1/466331/100/200/threaded	cve@mitre.org
18	http://www.securityfocus.com/bid/21688	cve@mitre.org
19	http://www.securityfocus.com/bid/23324	cve@mitre.org
20	http://www.vupen.com/english/advisories/2006/5120	cve@mitre.org
21	http://www.vupen.com/english/advisories/2007/1325	cve@mitre.org
22	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021	cve@mitre.org
23	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816	cve@mitre.org
24	http://blogs.technet.com/msrc/archive/2006/12/22/new-report-of-a-windows-vulnerability.aspx	af854a3a-2127-422b-91ae-364da2661108
25	http://groups.google.ca/group/microsoft.public.win32.programmer.kernel/browse_thread/thread/c5946bf40f227058/7bd7b5d66a4e5aff	af854a3a-2127-422b-91ae-364da2661108
26	http://isc.sans.org/diary.php?n&storyid=1965	af854a3a-2127-422b-91ae-364da2661108
27	http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051394.html	af854a3a-2127-422b-91ae-364da2661108
28	http://research.eeye.com/html/alerts/zeroday/20061215.html	af854a3a-2127-422b-91ae-364da2661108
29	http://secunia.com/advisories/23448	af854a3a-2127-422b-91ae-364da2661108
30	http://securitytracker.com/id?1017433	af854a3a-2127-422b-91ae-364da2661108
31	http://www.determina.com/security.research/vulnerabilities/csrss-harderror.html	af854a3a-2127-422b-91ae-364da2661108
32	http://www.kuban.ru/forum_new/forum2/files/19124.html	af854a3a-2127-422b-91ae-364da2661108
33	http://www.security.nnov.ru/Gnews944.html	af854a3a-2127-422b-91ae-364da2661108
34	http://www.security.nnov.ru/files/messagebox.c	af854a3a-2127-422b-91ae-364da2661108
35	http://www.securityfocus.com/archive/1/455061/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
36	http://www.securityfocus.com/archive/1/455088/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
37	http://www.securityfocus.com/archive/1/455104/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
38	http://www.securityfocus.com/archive/1/455158/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
39	http://www.securityfocus.com/archive/1/455546/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
40	http://www.securityfocus.com/archive/1/466331/100/200/threaded	af854a3a-2127-422b-91ae-364da2661108
41	http://www.securityfocus.com/bid/21688	af854a3a-2127-422b-91ae-364da2661108
42	http://www.securityfocus.com/bid/23324	af854a3a-2127-422b-91ae-364da2661108
43	http://www.vupen.com/english/advisories/2006/5120	af854a3a-2127-422b-91ae-364da2661108
44	http://www.vupen.com/english/advisories/2007/1325	af854a3a-2127-422b-91ae-364da2661108
45	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-021	af854a3a-2127-422b-91ae-364da2661108
46	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1816	af854a3a-2127-422b-91ae-364da2661108

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html

構成1	以上	以下	より上	未満
cpe:2.3:o:microsoft:windows_2000::::::::
cpe:2.3:o:microsoft:windows_2000::sp1::::::*
cpe:2.3:o:microsoft:windows_2000::sp2::::::*
cpe:2.3:o:microsoft:windows_2000::sp3::::::*
cpe:2.3:o:microsoft:windows_2000::sp4::::::*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:::::::*
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_2003_server:sp1::enterprise:::::
cpe:2.3:o:microsoft:windows_2003_server:standard:::::::*
cpe:2.3:o:microsoft:windows_2003_server:standard:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_2003_server:web:::::::*
cpe:2.3:o:microsoft:windows_2003_server:web:sp1::::::
cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1::::::
cpe:2.3:o:microsoft:windows_vista:::december_ctp:::::*
cpe:2.3:o:microsoft:windows_vista::beta::::::*
cpe:2.3:o:microsoft:windows_vista::beta1::::::*
cpe:2.3:o:microsoft:windows_vista::beta2::::::*
cpe:2.3:o:microsoft:windows_xp:::home:::::*
cpe:2.3:o:microsoft:windows_xp:::media_center:::::*
cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
cpe:2.3:o:microsoft:windows_xp::sp1:home:::::
cpe:2.3:o:microsoft:windows_xp::sp1:media_center:::::
cpe:2.3:o:microsoft:windows_xp::sp2:home:::::
cpe:2.3:o:microsoft:windows_xp::sp2:media_center:::::
cpe:2.3:o:microsoft:windows_xp::sp2:tablet_pc:::::