7.2

CVE-2006-0008

EPSS 0.79%
Published 14.02.2006 19:06:00
Last modified 03.04.2025 01:03:51
Source secure@microsoft.com
Teams watchlist Login
Open Login

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

Affected products Warnungen 0 Metrics 2 CWE 0 References 17

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Office Version2003

Microsoft ≫ Office Version2003 Updatesp1

Microsoft ≫ Office Version2003 Updatesp2

Microsoft ≫ Windows 2003 Server Versiondatacenter_64-bit Updatesp1

Microsoft ≫ Windows 2003 Server Versionenterprise Edition64-bit

Microsoft ≫ Windows 2003 Server Versionenterprise Updatesp1

Microsoft ≫ Windows 2003 Server Versionenterprise_64-bit

Microsoft ≫ Windows 2003 Server Versionenterprise_64-bit Updatesp1

Microsoft ≫ Windows 2003 Server Versionr2 Edition64-bit

Microsoft ≫ Windows 2003 Server Versionr2 Editiondatacenter_64-bit

Microsoft ≫ Windows 2003 Server Versionr2 Updatesp1

Microsoft ≫ Windows 2003 Server Versionstandard Edition64-bit

Microsoft ≫ Windows 2003 Server Versionstandard Updatesp1

Microsoft ≫ Windows 2003 Server Versionstandard_64-bit

Microsoft ≫ Windows 2003 Server Versionweb

Microsoft ≫ Windows 2003 Server Versionweb Updatesp1

Microsoft ≫ Windows Xp Edition64-bit

Microsoft ≫ Windows Xp Editionhome

Microsoft ≫ Windows Xp Editionmedia_center

Microsoft ≫ Windows Xp Updategold Editionprofessional

Microsoft ≫ Windows Xp Updatesp1 Editionhome

Microsoft ≫ Windows Xp Updatesp1 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp2 Editionhome

Microsoft ≫ Windows Xp Updatesp2 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.79%	0.715

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://secunia.com/advisories/18859

Patch

Vendor Advisory

http://securitytracker.com/id?1015631

Patch

http://www.kb.cert.org/vuls/id/739844

Third Party Advisory

US Government Resource

http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html

Vendor Advisory

http://www.securityfocus.com/archive/1/425141/100/0/threaded

http://www.securityfocus.com/bid/16643

Patch

http://www.vupen.com/english/advisories/2006/0578

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-009

https://exchange.xforce.ibmcloud.com/vulnerabilities/24492

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1595

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1650

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1664

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1688

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A727

https://nvd.nist.gov/vuln/detail/CVE-2006-0008

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0008

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0008

EUVD