CVE-2006-4465

Exploit

EPSS 23.36%
Veröffentlicht 31.08.2006 20:04:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error.  NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Terminal Server

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	23.36%	0.958

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

http://securityreason.com/securityalert/1486

http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html

Exploit

http://www.securityfocus.com/archive/1/443364/100/200/threaded

http://www.securityfocus.com/archive/1/443428/100/200/threaded

https://nvd.nist.gov/vuln/detail/CVE-2006-4465

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-4465

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-4465

EUVD