CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P

AI Score
Confidence: Low

EPSS
Percentile: 32.5%

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, use insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka “Permissive Windows Services DACLs.” NOTE: the NetBT, SCardSvr, DHCP, and DnsCache services already require privileged access to exploit.

Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:* |
microsoft | windows_xp | * | cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:* |
secunia.com/advisories/18756
secunia.com/advisories/19238
secunia.com/advisories/19313
securitytracker.com/id?1015595
securitytracker.com/id?1015765
support.avaya.com/elmodocs2/security/ASA-2006-069.htm
www.cs.princeton.edu/~sudhakar/papers/winval.pdf
www.kb.cert.org/vuls/id/953860
www.microsoft.com/technet/security/advisory/914457.mspx
www.securityfocus.com/archive/1/423587/100/0/threaded
www.vupen.com/english/advisories/2006/0417
www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011
exchange.xforce.ibmcloud.com/vulnerabilities/24463
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696