Check Point Advisories

Update Protection against Microsoft Windows Web Client Service Vulnerability (MS06-008)

Check Point Reference: CPAI-2006-015
Date Published: 14 Feb 2006
Severity: High
Last Updated: Tuesday 08 May, 2007
Source: Microsoft Security Bulletin MS06-008
Industry Reference:CVE-2006-0013
Protection Provided by:
Who is Vulnerable? Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Vulnerability Description A vulnerability was detected in Microsoft Windows Web Client service. The Web Client Service allows applications to access documents on the Internet by using the WebDAV protocol. WebDAV is a set of extensions to the HTTP protocol that allows users to collaboratively edit and manage files on remote web servers. To exploit the vulnerability, an attacker would first have to authenticate to the system. Successful exploitation will enable an attacker complete control of an affected system.
Vulnerability StatusNo exploit has been reported so far.
Update/Patch AvaliableMicrosoft has released a patch for this vulnerability. The patch is available at
Vulnerability DetailsThe vulnerability is caused by an unchecked buffer in the Web Client service. To exploit the vulnerability, an attacker must have valid logon credentials. By creating a series of specially crafted messages and sending them to an affected system, an attacker can cause the affected system to execute code.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.