Intrusion PreventionMS.Windows.DNS.Client.Buffer.Overflow
Description
This indicates an attack attempt to exploit a remote code-execution vulnerability in the Microsoft Windows DNS Client service that could allow an attacker to take complete control of the affected system. This flaw is due to an unchecked buffer in the DNS client layer. For an attack to be successful, the attacker would either have to be on a subnet between the host and the DNS server or force the target host to make a DNS request to receive a specially crafted record response from an attacking server. An attacker who successfully exploited this vulnerability could remotely take complete control of an affected system, and could then install programs, view, change, or delete data, or create new accounts with full user rights.
Affected Products
Nortel Networks SRG 1.0
Nortel Networks Contact Center Manager Server
Nortel Networks Contact Center Manager
Nortel Networks Contact Center Express
Nortel Networks Contact Center - TAPI Server
Nortel Networks Contact Center - TAPI Desktop
Nortel Networks Contact Center - Symposium Agent
Nortel Networks Contact Center - CCT
Nortel Networks Contact Center - Agent Desktop Display
Nortel Networks Contact Center
Nortel Networks Centrex IP Element Manager
Nortel Networks Centrex IP Client Manager
Nortel Networks CallPilot 703t
Nortel Networks CallPilot 702t
Nortel Networks CallPilot 201i
Nortel Networks CallPilot 200i
Nortel Networks CallPilot 1002rp
Nortel Networks BCM 400
Nortel Networks BCM 200
Nortel Networks BCM 1000
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Tablet PC Edition SP1 - SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional
Microsoft Windows XP Professional SP1 - SP2
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Media Center Edition SP1 - SP2
Microsoft Windows XP Home
Microsoft Windows XP Home SP1 - SP2
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP 64-bit Edition Version 2003 SP1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition SP1
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2003 Web Edition SP1
Microsoft Windows Server 2003 Standard x64 Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Standard Edition SP1
Microsoft Windows Server 2003 Enterprise x64 Edition
Microsoft Windows Server 2003 Enterprise Edition Itanium
Microsoft Windows Server 2003 Enterprise Edition Itanium SP1
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition SP1
Microsoft Windows Server 2003 Datacenter x64 Edition
Microsoft Windows Server 2003 Datacenter Edition Itanium
Microsoft Windows Server 2003 Datacenter Edition Itanium SP
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition SP1
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1 - SP4
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1 - SP4
Microsoft Windows 2000 Datacenter Server SP1 - SP4
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1 - SP4
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply patch, available from the web site.
http://www.microsoft.com/technet/security/Bulletin/MS06-041.mspx
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
| ID | 12097 |
| Created | Aug 08, 2006 |
| Updated | May 02, 2022 |
| Risk |
|
| CVE ID | CVE-2006-3440 CVE-2006-3441 |
| Exploit Prediction Score | 94.25% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |