CVE-2006-6296 Information

Description

The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier and possibly Windows XP SP1 and earlier allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large ‘offered’ value (output buffer size) a variant of CVE-2005-3644.

Reference

http://research.eeye.com/html/alerts/zeroday/20051116.html http://secunia.com/advisories/23196 http://securitytracker.com/id?1017330 http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker/2005/20051116 http://www.kb.cert.org/vuls/id/914617 http://www.securityfocus.com/bid/21401 http://www.vupen.com/english/advisories/2006/4827 https://exchange.xforce.ibmcloud.com/vulnerabilities/30717 https://www.exploit-db.com/exploits/2879