Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2006-3840

EPSS 4.12% · P89
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2006-3840

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
ISS RealSecure/BlackICE MailSlot堆溢出检查远程拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ISS是国际知名的安全厂商,提供多种防火墙和入侵检测设备。 ISS的保护产品在对SMB_MailSlot_Heap_Overflow(MS06-035/KB917159)漏洞的检测中存在一个拒绝服务漏洞。通过构造特定攻击报文,可以导致检测代码陷入死循环。这可能导致某些ISS保护产品甚至操作系统停止响应。例如,对于BlackICE,会使得BlackICE所在主机网络中断,同时CPU占用率接近百分之百。停止BlackICE引擎并不能恢复正常,需要重启操作系统。 攻击者只需要发送单包就可以触发此漏洞,无需真正建
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2006-3840

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2006-3840

登录查看更多情报信息。

Same Patch Batch · n/a · 2006-07-27 · 40 CVEs total

CVE-2006-3838eIQnetworks ESA EnterpriseSecurityAnalyzer.exe LICMGR_ADDLICENSE命令远程缓冲区溢
CVE-2006-3806Mozilla Firefox/SeaMonkey/Thunderbir JAVA脚本引擎中多个缓冲区溢出漏洞
CVE-2006-3807Mozilla Firefox/SeaMonkey/Thunderbird改变标准Object()安全权限提升漏洞
CVE-2006-3897Microsoft Internet Explorer NMSA.ASFSourceMediaDescription.1 ActiveX 对象堆栈溢出漏洞
CVE-2006-3898Microsoft IE Internet.HHCtrl ActiveX对象Click()方法处理拒绝服务漏洞
CVE-2006-3899Microsoft Internet Explorer String To Binary函数拒绝服务漏洞
CVE-2006-3900TP Book Guestbook.PHP HTML注入漏洞
CVE-2006-3901Tumbleweed MailGate邮件防火墙多个LHA栈溢出漏洞
CVE-2006-3633OSSP Shiela Shell命令执行漏洞
CVE-2006-3819TWiki Configure Script TYPEOF参数Eval注入漏洞
CVE-2006-3804Mozilla Firefox/SeaMonkey/Thunderbird畸形的内嵌vcard附件缓冲区溢出漏洞
CVE-2006-3878Opsware网络自动化系统 Root口令信息泄露漏洞
CVE-2006-3879Libmikmod XCOM处理器远程堆溢出漏洞
CVE-2006-3880Windows Small Business Server TCP标头字段远程拒绝服务漏洞
CVE-2006-3881Shalwan MusicBox跨站脚本攻击漏洞
CVE-2006-3882Shalwan MusicBox 'phpinfo.php' 远程攻击漏洞
CVE-2006-3883Gonafish LinksCaffe 多个跨站脚本攻击(XSS)漏洞
CVE-2006-3884Gonafish LinksCaffe 'links.php' 多个SQL注入漏洞
CVE-2006-3885Checkpoint FireWall-1 Webserver HEX编码的目录遍历
CVE-2006-3886Shalwan MusicBox Page参数SQL注入漏洞

Showing top 20 of 40 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2006-3840

No comments yet

Leave a comment