SMB: Microsoft Windows Print Spooler GetPrinterData Denial of Service

This signature detects attempts to exploit a known vulnerability against Microsoft Windows Print Spooler service. A successful attack can result in a denial-of-service condition.

Extended Description

The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.

Affected Products

Microsoft windows_xp

References

BugTraq: 21401

CVE: CVE-2006-6296

Short Name
SMB:NETBIOS:GETPRINTERDATA-DOS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
SMB
Keywords
CVE-2006-6296 Denial GetPrinterData Microsoft Print Service Spooler Windows bid:21401 of
Release Date
05/15/2014
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3761
False Positive
Unknown
Vendors

Microsoft

CVSS Score

6.1

Found a potential security threat?