Integer Overflow in Novell Client's DPRPC Library Allows Remote Code Execution
CVE-2006-2304

Currently unrated

Key Information:

Vendor: Novell
Status: Client
Vendor: CVE Published:; 11 May 2006

What is CVE-2006-2304?

The Novell Client experiences multiple integer overflow vulnerabilities within the DPRPC library (DPRPCW32.DLL). Attackers can exploit these vulnerabilities by sending specially crafted XDR encoded arrays, which contain fields specifying an excessively large number of elements. This can trigger integer overflow conditions in the ndps_xdr_array function and potentially execute arbitrary code on affected systems, compromising security and exposing sensitive information.

References

http://securitytracker.com/id?1016052

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/20048

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2006/1759

vdb-entryx_refsource_VUPEN

EPSS Score

13% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2006
Vulnerability Reserved
May 11, 2006