Details of VAR-200612-0119

ID

VAR-200612-0119

CVE

CVE-2006-6578

TITLE

Microsoft IIS 5.1 Vulnerable to arbitrary command execution

Trust: 0.8

sources: JVNDB: JVNDB-2006-002577

DESCRIPTION

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions. IIS is prone to a remote security vulnerability

Trust: 1.89

sources: NVD: CVE-2006-6578 // JVNDB: JVNDB-2006-002577 // BID: 87257

AFFECTED PRODUCTS

vendor:	microsoft	model:	iis	scope:	eq	version:	5.1	Trust: 1.1
vendor:	microsoft	model:	internet information services	scope:	eq	version:	5.1	Trust: 1.0
vendor:	microsoft	model:	internet information server	scope:	eq	version:	5.1	Trust: 0.6

sources: BID: 87257 // JVNDB: JVNDB-2006-002577 // CNNVD: CNNVD-200612-331 // NVD: CVE-2006-6578

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-6578
value:	HIGH
Trust: 1.0
NVD:	CVE-2006-6578
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200612-331
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2006-6578
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2006-002577 // CNNVD: CNNVD-200612-331 // NVD: CVE-2006-6578

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2006-6578

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200612-331

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200612-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002577

PATCH

title:

Internet Information Services

url:

http://www.microsoft.com/ja-jp/server-cloud/windows-server/internet-information-services-iis.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2006-002577

EXTERNAL IDS

db:	NVD	id:	CVE-2006-6578	Trust: 2.7
db:	SREASON	id:	2036	Trust: 1.9
db:	JVNDB	id:	JVNDB-2006-002577	Trust: 0.8
db:	CNNVD	id:	CNNVD-200612-331	Trust: 0.6
db:	BID	id:	87257	Trust: 0.3

sources: BID: 87257 // JVNDB: JVNDB-2006-002577 // CNNVD: CNNVD-200612-331 // NVD: CVE-2006-6578

REFERENCES

url:	http://securityreason.com/securityalert/2036	Trust: 1.9
url:	http://www.securityfocus.com/archive/1/454268/100/0/threaded	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6578	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6578	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/454268/100/0/threaded	Trust: 0.3

sources: BID: 87257 // JVNDB: JVNDB-2006-002577 // CNNVD: CNNVD-200612-331 // NVD: CVE-2006-6578

CREDITS

Unknown

Trust: 0.3

sources: BID: 87257

SOURCES

db:	BID	id:	87257
db:	JVNDB	id:	JVNDB-2006-002577
db:	CNNVD	id:	CNNVD-200612-331
db:	NVD	id:	CVE-2006-6578

LAST UPDATE DATE

2024-08-14T14:08:23.480000+00:00

SOURCES UPDATE DATE

db:	BID	id:	87257	date:	2006-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2006-002577	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200612-331	date:	2020-11-24T00:00:00
db:	NVD	id:	CVE-2006-6578	date:	2020-12-08T17:35:10.500

SOURCES RELEASE DATE

db:	BID	id:	87257	date:	2006-12-15T00:00:00
db:	JVNDB	id:	JVNDB-2006-002577	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200612-331	date:	2006-12-15T00:00:00
db:	NVD	id:	CVE-2006-6578	date:	2006-12-15T19:28:00