4.3

CVE-2006-0023

EPSS 1.57%
Published 08.02.2006 02:18:00
Last modified 03.04.2025 01:03:51
Source secure@microsoft.com
Teams watchlist Login
Open Login

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs."  NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.

Affected products Warnungen 0 Metrics 2 CWE 0 References 19

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Xp Updatesp1 Editiontablet_pc

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.57%	0.807

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	3.1	6.4	AV:L/AC:L/Au:S/C:P/I:P/A:P

http://secunia.com/advisories/19238

Vendor Advisory

http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf

http://www.kb.cert.org/vuls/id/953860

Third Party Advisory

US Government Resource

http://www.securityfocus.com/archive/1/423587/100/0/threaded

http://secunia.com/advisories/18756

Patch

Vendor Advisory

http://secunia.com/advisories/19313

Vendor Advisory

http://securitytracker.com/id?1015595

http://securitytracker.com/id?1015765

http://www.microsoft.com/technet/security/advisory/914457.mspx

Vendor Advisory

http://www.vupen.com/english/advisories/2006/0417

Vendor Advisory

http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011

https://exchange.xforce.ibmcloud.com/vulnerabilities/24463

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696

https://nvd.nist.gov/vuln/detail/CVE-2006-0023

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-0023

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-0023

EUVD