CVE-2006-0023
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
08/02/2006
Last modified:
03/04/2025
Description
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/18756
- http://secunia.com/advisories/19238
- http://secunia.com/advisories/19313
- http://securitytracker.com/id?1015595=
- http://securitytracker.com/id?1015765=
- http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
- http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
- http://www.kb.cert.org/vuls/id/953860
- http://www.microsoft.com/technet/security/advisory/914457.mspx
- http://www.securityfocus.com/archive/1/423587/100/0/threaded
- http://www.vupen.com/english/advisories/2006/0417
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24463
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696
- http://secunia.com/advisories/18756
- http://secunia.com/advisories/19238
- http://secunia.com/advisories/19313
- http://securitytracker.com/id?1015595=
- http://securitytracker.com/id?1015765=
- http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
- http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
- http://www.kb.cert.org/vuls/id/953860
- http://www.microsoft.com/technet/security/advisory/914457.mspx
- http://www.securityfocus.com/archive/1/423587/100/0/threaded
- http://www.vupen.com/english/advisories/2006/0417
- http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24463
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696