CVE-2006-4465
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 31/08/2006
Last modified: 03/04/2025
Description
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code.
Impact
Base Score 2.0: 10.00
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/1486
- http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html
- http://www.securityfocus.com/archive/1/443364/100/200/threaded
- http://www.securityfocus.com/archive/1/443428/100/200/threaded



