Skip to main content

Mondoo

Vulnerability Management
Technology
Services

Solutions

Financial Services
Manufacturing
Healthcare

Resources

Blog
Vulnerability Database
Documentation
GitHub

Company

About
Careers
Partners
Contact

Legal

Privacy
Terms
Imprint

© 2026 Mondoo, Inc.

Log in Get Assessment

Vulnerability IntelligenceCVE-2006-2373

CVE-2006-2373

UNKNOWN

The Server Message Block (SMB) driver (MRXSMB

Published Jun 13, 2006

Modified 1 years ago

Details

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."

References

http://secunia.com/advisories/20635

http://securitytracker.com/id?1016288

http://www.idefense.com/intelligence/vulnerabilities/display.php?id=408

http://www.osvdb.org/26440

http://www.securityfocus.com/bid/18356

http://www.vupen.com/english/advisories/2006/2327

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-030

https://exchange.xforce.ibmcloud.com/vulnerabilities/26828

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1137

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1730

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1792

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1904

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1942

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2007

https://www.cve.org/CVERecord?id=CVE-2006-2373

CVSS Analysis

CVSS v2.0

10.0

Exploitability

Access Vector

NetworkAV:N

Access Complexity

LowAC:L

Authentication

NoneAu:N

Impact

Confidentiality

CompleteC:C

Integrity

CompleteI:C

Availability

CompleteA:C

10/AV:N/AC:L/Au:N/C:C/I:C/A:C

Ecosystems

Timeline

PublishedJun 13, 2006

ModifiedAug 7, 2024

CVE-2006-2373 | Mondoo Vulnerability Intelligence