Intrusion Prevention

MS.Windows.Print.Spooler.Service.GetPrinterData.DoS

Description

This indicates an attempt to exploit a denial of service vulnerability in the Microsoft Windows Print Spooler service.
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size). A remote attacker can exploit this issue to crash the affected service, denying service to legitimate users.

Affected Products

Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4

Impact

Denial of service.

Recommended Actions

Disable the Print Spooler service by using the following command : sc stop Spooler & sc config Spooler start=disabled

CVE References

CVE-2006-6296