Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-0008 | First vendor Publication | 2006-02-14 |
Vendor | Cve | Last vendor Modification | 2018-10-30 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0008 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1595 | |||
Oval ID: | oval:org.mitre.oval:def:1595 | ||
Title: | Korean IME Privilege Elevation Vulnerability in 64-bit Windows XP | ||
Description: | The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-0008 | Version: | 5 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1650 | |||
Oval ID: | oval:org.mitre.oval:def:1650 | ||
Title: | Korean IME Privilege Elevation Vulnerability in Server 2003 | ||
Description: | The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-0008 | Version: | 6 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1664 | |||
Oval ID: | oval:org.mitre.oval:def:1664 | ||
Title: | Korean IME Privilege Elevation Vulnerability in Windows XP | ||
Description: | The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-0008 | Version: | 3 |
Platform(s): | Microsoft Windows XP | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:1688 | |||
Oval ID: | oval:org.mitre.oval:def:1688 | ||
Title: | Korean IME Privilege Elevation Vulnerability in Server 2003,SP1 | ||
Description: | The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-0008 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:727 | |||
Oval ID: | oval:org.mitre.oval:def:727 | ||
Title: | Korean IME Privilege Elevation Vulnerability in Office 2003 and Accessories | ||
Description: | The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-0008 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
23136 | Microsoft Windows/Office Korean Input Method Editor (IME) ShellAbout() Privil... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-02-14 | Name : A local user may elevate his privileges. File : smb_nt_ms06-009.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:03:35 |
|
2021-04-22 01:04:03 |
|
2020-05-23 00:17:17 |
|
2018-10-31 00:19:45 |
|
2018-10-19 21:19:43 |
|
2018-10-13 00:22:32 |
|
2017-10-11 09:23:36 |
|
2017-07-11 12:02:08 |
|
2016-12-06 12:01:00 |
|
2016-04-26 14:10:41 |
|
2014-02-17 10:34:12 |
|
2013-05-11 10:46:00 |
|