VYPR
Unrated severity · NVD Advisory · Published Jul 27, 2006 · Updated Apr 16, 2026

CVE-2006-3880

Description

Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Continuous stream of malformed TCP packets on port 135 can cause a denial of service (IP stack hang) on Windows NT 4.0, 2000, XP, and SBS 2003, though Microsoft disputes the finding.

Vulnerability

A continuous stream of TCP packets on port 135 with incorrect TCP header checksums and random values in certain TCP header fields can cause the IP stack to hang, resulting in a denial of service on Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003. The issue is exposed via the publicly available Achilles Windows Attack Tool [1]. The vulnerability is rated with a CVSS base score of 5/10, attack vector network, low complexity, and no authentication required [description].

Exploitation

An attacker can exploit this vulnerability remotely without any authentication or user interaction by sending a continuous stream of crafted TCP packets to the target on port 135. The packets must have incorrect TCP header checksums and random numbers in certain TCP header fields. The attack can be launched locally or remotely, as demonstrated by the Achilles tool [1]. The attacker only needs network access to the target and the ability to send IP packets.

Impact

Successful exploitation causes the target's IP stack to hang, leading to a denial of service. The impact is limited to availability, with no effect on confidentiality or integrity [description]. The attack results in a partial availability loss, as the affected system becomes unresponsive to network traffic.

Mitigation

As of the publication date, Microsoft's Security Response Center stated that their investigation did not confirm the issue [1]. No official fix or workaround has been provided by Microsoft. Users are advised to apply defense-in-depth measures, such as restricting access to TCP port 135 via firewall rules, monitoring for abnormal traffic patterns, and ensuring systems are up to date with other security patches. The vulnerability is not listed as exploited in the wild (KEV) and remains disputed.
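One way to implement the traffic-monitoring measure for the pattern this advisory describes, as an added example (not code from the advisory, the researcher or Microsoft): verify the TCP checksum of captured IPv4 packets and report sources that repeatedly send bad-checksum packets to port 135. The function names, the threshold of 3 and the documentation-range addresses used for testing are assumptions; `sample_packet` only builds constructed in-memory test input.

```python
import struct
from collections import Counter

RPC_PORT = 135  # TCP port named in the advisory


def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum_ok(pkt: bytes) -> bool:
    """Verify the TCP checksum of a raw IPv4 packet (no link-layer header)."""
    ihl = (pkt[0] & 0x0F) * 4
    segment = pkt[ihl:struct.unpack("!H", pkt[2:4])[0]]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, 6, len(segment))
    return fold_sum(pseudo + segment) == 0xFFFF


def bad_checksum_sources(packets, threshold=3):
    """Return {source IP: count} for sources sending at least `threshold`
    TCP/135 packets whose checksum does not verify (threshold is an assumption)."""
    hits = Counter()
    for pkt in packets:
        if len(pkt) < 40 or pkt[0] >> 4 != 4 or pkt[9] != 6:
            continue  # not IPv4/TCP, or too short to hold both headers
        ihl = (pkt[0] & 0x0F) * 4
        if len(pkt) < ihl + 20:
            continue  # IP options push the TCP header past the capture
        dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
        if dport == RPC_PORT and not tcp_checksum_ok(pkt):
            hits[".".join(map(str, pkt[12:16]))] += 1
    return {src: n for src, n in hits.items() if n >= threshold}


def sample_packet(src, dst, dport, valid=True):
    """Constructed test input: a 40-byte IPv4+TCP header pair, kept in memory.
    The IP header checksum is left at 0 because the detector does not read it."""
    s, d = (bytes(map(int, a.split("."))) for a in (src, dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    csum = 0xFFFF - fold_sum(s + d + struct.pack("!BBH", 0, 6, 20) + tcp)
    tcp = tcp[:16] + struct.pack("!H", csum if valid else csum ^ 0x5555) + tcp[18:]
    return struct.pack("!BBHHHBBH", 0x45, 0, 40, 0, 0, 64, 6, 0) + s + d + tcp
```

Feed it packets captured on the inbound path of a sensor or the receiving host; captures taken on a sending host often show unverified checksums because of NIC checksum offload and would produce false positives.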

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

35
  • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* + 5 more
    • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
    • (no CPE)
  • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:* + 13 more
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition_64-bit:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition_64-bit:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:* + 12 more
    • cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:embedded:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:embedded:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    • (no CPE)
  • Range: <=4.0

Patches

0

No patches discovered yet.

References

3