virus logo Intrusion Prevention

MS.Windows.Print.Spooler.Service.GetPrinterData.DoS

description-logoDescription

This indicates an attempt to exploit a denial of service vulnerability in the Microsoft Windows Print Spooler service.
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size). A remote attacker can exploit this issue to crash the affected service, denying service to legitimate users.

affected-products-logoAffected Products

Microsoft Windows 2000 Server SP4
Microsoft Windows 2000 Professional SP4
Microsoft Windows 2000 Datacenter Server SP4
Microsoft Windows 2000 Advanced Server SP4

Impact logoImpact

Denial of service.

recomended-action-logoRecommended Actions

Disable the Print Spooler service by using the following command : sc stop Spooler & sc config Spooler start=disabled

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

References

http://secunia.com/advisories/23196/
ID 13645
Created Dec 03, 2006
Updated Nov 15, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2006-6296
Exploit Prediction Score 96.75%
Default Action drop
Active
Affected OS Windows
Affected App All