CVE-2006-4465

Exploit

EPSS 23.36%
Published 31.08.2006 20:04:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error.  NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

Affected products Warnungen 0 Metrics 2 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Terminal Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	23.36%	0.958

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://securityreason.com/securityalert/1486

http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html

Exploit

http://www.securityfocus.com/archive/1/443364/100/200/threaded

http://www.securityfocus.com/archive/1/443428/100/200/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-4465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4465

EUVD