CVE-2006-0376
Description
The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products (9)
Windows 2000:
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- (no CPE)
Windows Server 2003:
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
- (no CPE)
Windows XP:
- cpe:2.3:o:microsoft:windows_xp:*:gold:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
Root cause
"The wireless client does not warn the user when establishing or accepting an ad hoc (peer-to-peer) association, allowing silent creation of unexpected wireless links."
Attack vector
An attacker sets up a wireless station in ad hoc mode and either establishes an association with a target client or responds to the client's probe requests so that the client associates with the attacker's station. Because the operating system does not alert the user that the connection is ad hoc rather than infrastructure mode, the user may unknowingly communicate over an unexpected peer-to-peer link [ref_id=1]. This allows the attacker to position themselves on the same logical network segment and subsequently launch further attacks such as credential capture or client-side exploitation [ref_id=1].
Affected code
The advisory does not specify particular functions or files. The vulnerability is in the 802.11 wireless client implementation of Windows 2000, Windows XP, and Windows Server 2003, which fails to warn users when associating with an ad hoc (peer-to-peer) station or when an ad hoc station associates with it [ref_id=1].
What the fix does
No patch is included in the bundle. Microsoft Security Advisory 917021 (referenced on the KARMA page) addresses this issue, but the bundle does not contain the advisory text or a diff [ref_id=1]. The remediation guidance implied by the advisory is that the operating system should warn the user before establishing or accepting an ad hoc association, so that the user can make an informed decision about whether to proceed.
Preconditions
- network: The target client must have wireless networking enabled and be within radio range of the attacker's station.
- config: The attacker's station must be configured in ad hoc (peer-to-peer) mode.
- config: No user warning or consent is required by the operating system for ad hoc associations.
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (7)
- www.nmrc.org/pub/advise/20060114.txt (nvd, Vendor Advisory)
- securityreason.com/securityalert/349 (nvd)
- securitytracker.com/id (nvd)
- www.securiteam.com/windowsntfocus/5YP0D2KHHO.html (nvd)
- www.securityfocus.com/archive/1/421868/100/0/threaded (nvd)
- www.theta44.org/karma/ (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/24157 (nvd)