Stack-based buffer overflow in the DCE/RPC preprocessor in Snort before 2.6.1.3, and 2.7 before beta 2; and Sourcefire Intrusion Sensor; allows remote attackers to execute arbitrary code via crafted SMB traffic.
CVE-2006-5276
Score elevated to 9.0 because EPSS predicts 88% probability of exploitation within the next 30 days (top 0.5% of all CVEs). Confidence: see factors.
- High exploitation likelihood — EPSS 79%
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- —
- EG Score
- 9.0(low)
- EPSS
- 99.6%
- KEV
- Not listed
Published
February 20, 2007
Last Modified
April 23, 2026
References (48)
- cve@mitrehttp://fedoranews.org/updates/FEDORA-2007-206.shtml
- cve@mitrehttp://iss.net/threats/257.html
- cve@mitrehttp://secunia.com/advisories/24190
- cve@mitrehttp://secunia.com/advisories/24235
- cve@mitrehttp://secunia.com/advisories/24239
- cve@mitrehttp://secunia.com/advisories/24240
- cve@mitrehttp://secunia.com/advisories/24272
- cve@mitrehttp://secunia.com/advisories/26746
- cve@mitrehttp://security.gentoo.org/glsa/glsa-200703-01.xml
- cve@mitrehttp://www.kb.cert.org/vuls/id/196240
- cve@mitrehttp://www.osvdb.org/32094
- cve@mitrehttp://www.securityfocus.com/archive/1/461810/100/0/threaded
- cve@mitrehttp://www.securityfocus.com/bid/22616
- cve@mitrehttp://www.securitytracker.com/id?1017669
- cve@mitrehttp://www.securitytracker.com/id?1017670
Data Freshness Timeline
(refreshed 0× in last 7d / 12× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
- 2026-07-02 14:00 UTCEPSS rescore
- 2026-07-01 15:02 UTCEPSS rescore
- 2026-07-01 15:02 UTCEPSS rescore
- 2026-06-28 14:02 UTCEPSS rescore
- 2026-06-28 04:52 UTCEPSS rescore
- 2026-06-25 13:46 UTCEPSS rescore
- 2026-06-25 13:46 UTCEPSS rescore
- 2026-06-23 21:29 UTCEPSS rescore
- 2026-06-23 21:29 UTCEPSS rescore
- 2026-06-17 17:49 UTCEPSS rescore
- 2026-06-17 17:49 UTCEPSS rescore
- 2026-06-15 17:44 UTCEPSS rescore
- 2026-06-13 22:57 UTCEPSS rescore
- 2026-06-13 22:57 UTCEPSS rescore
- 2026-06-12 23:08 UTCEPSS rescore
- 2026-06-08 14:13 UTCEPSS rescore
- 2026-06-07 15:21 UTCEPSS rescore
- 2026-06-07 15:21 UTCEPSS rescore
- 2026-06-05 22:44 UTCEPSS rescore
- 2026-06-05 22:44 UTCEPSS rescore
- 2026-05-31 04:14 UTCEG score recompute
- 2026-05-31 04:13 UTCGHSA enrichment
- 2026-05-29 13:40 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
- 2026-05-28 13:42 UTCEPSS rescore
Show 10 moreShow fewer
- 2026-05-26 07:16 UTCEPSS rescore
- 2026-05-26 07:16 UTCEPSS rescore
- 2026-05-26 07:16 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-22 21:15 UTCEPSS rescore
- 2026-05-21 22:38 UTCEPSS rescore
- 2026-05-20 22:36 UTCEPSS rescore
- 2026-05-18 21:29 UTCEPSS rescore
- 2026-05-18 21:29 UTCEPSS rescore
Publicly available exploits
(5 references)Working exploit code is in the public domain (1 Metasploit module) (4 Exploit-DB entries). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- Exploit-DBEDB-18723✓ verifiedFirst seen Apr 9, 2012
Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)
Open source ↗ - Exploit-DBEDB-3609✓ verifiedFirst seen Mar 30, 2007
Snort 2.6.1 (Linux) - DCE/RPC Preprocessor Remote Buffer Overflow
Open source ↗ - Exploit-DBEDB-3391✓ verifiedFirst seen Mar 1, 2007
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow
Open source ↗ - Exploit-DBEDB-3362✓ verifiedFirst seen Feb 23, 2007
Snort 2.6.1 - DCE/RPC Preprocessor Remote Buffer Overflow (Denial of Service) (PoC)
Open source ↗ - Metasploitexploit/multi/ids/snort_dce_rpc✓ verifiedFirst seen Feb 19, 2007
Snort 2 DCE/RPC Preprocessor Buffer Overflow
Open source ↗
Frequently asked(4)
What is CVE-2006-5276?
When was CVE-2006-5276 disclosed?
Is CVE-2006-5276 actively exploited?
How do I remediate CVE-2006-5276?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2006-5276
Is Your Infrastructure Affected by CVE-2006-5276?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.