4.3

CVE-2006-0023

EPSS 1.57%
Veröffentlicht 08.02.2006 02:18:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs."  NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 19

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.57%	0.807

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/19238

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

http://www.kb.cert.org/vuls/id/953860

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/423587/100/0/threaded

http://secunia.com/advisories/18756

Patch

Vendor Advisory

http://secunia.com/advisories/19313

Vendor Advisory

http://securitytracker.com/id?1015595

http://securitytracker.com/id?1015765

http://www.microsoft.com/technet/security/advisory/914457.mspx

Vendor Advisory

http://www.vupen.com/english/advisories/2006/0417

Vendor Advisory

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011

https://exchange.xforce.ibmcloud.com/vulnerabilities/24463

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696

https://nvd.nist.gov/vuln/detail/CVE-2006-0023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0023

EUVD