VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 22, 2006· Updated Apr 23, 2026

CVE-2006-6696

CVE-2006-6696

Description

Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

Affected products

29
  • Microsoft/Windows 20005 versions
    cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • Microsoft/Windows 2003 Server12 versions
    cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*+ 11 more
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:datacenter_edition:sp1_beta_1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:enterprise_edition:sp1_beta_1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:sp1:*:enterprise:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:standard:sp1_beta_1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_2003_server:web:sp1_beta_1:*:*:*:*:*:*
  • Microsoft/Windows Vista4 versions
    cpe:2.3:o:microsoft:windows_vista:*:*:december_ctp:*:*:*:*:*+ 3 more
    • cpe:2.3:o:microsoft:windows_vista:*:*:december_ctp:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:beta:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:beta1:*:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_vista:*:beta2:*:*:*:*:*:*
  • Microsoft/Windows Xp8 versions
    cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*+ 7 more
    • cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
    • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

23

News mentions

0

No linked articles in our index yet.