Sign-up

ID

VAR-200612-0120


CVE

CVE-2006-6579


TITLE

Microsoft Windows XP Vulnerabilities in reading and writing files

Trust: 0.8

sources: JVNDB: JVNDB-2006-002578

DESCRIPTION

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. IIS is prone to a local security vulnerability

Trust: 1.98

sources: NVD: CVE-2006-6579 // JVNDB: JVNDB-2006-002578 // BID: 87261 // VULMON: CVE-2006-6579

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information serverscope:eqversion:4.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:eqversion:3.0

Trust: 1.6

vendor:microsoftmodel:internet information serverscope:lteversion:5.0

Trust: 1.0

vendor:microsoftmodel:internet information servicesscope:eqversion:1.0

Trust: 1.0

vendor:microsoftmodel:internet information servicesscope:eqversion:2.0

Trust: 1.0

vendor:microsoftmodel:iisscope: - version: -

Trust: 0.8

vendor:microsoftmodel:internet information serverscope:eqversion:2.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:1.0

Trust: 0.6

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:3.0

Trust: 0.3

vendor:microsoftmodel:iisscope:eqversion:2.0

Trust: 0.3

sources: BID: 87261 // JVNDB: JVNDB-2006-002578 // CNNVD: CNNVD-200612-341 // NVD: CVE-2006-6579

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-6579
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-6579
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200612-341
value: MEDIUM

Trust: 0.6

VULMON: CVE-2006-6579
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-6579
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2006-6579 // JVNDB: JVNDB-2006-002578 // CNNVD: CNNVD-200612-341 // NVD: CVE-2006-6579

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-6579

THREAT TYPE

local

Trust: 0.9

sources: BID: 87261 // CNNVD: CNNVD-200612-341

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200612-341

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-002578

PATCH
title:Windowsurl:http://windows.microsoft.com/ja-JP/windows/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-002578

EXTERNAL IDS
db:NVDid:CVE-2006-6579
Trust: 2.8
db:JVNDBid:JVNDB-2006-002578
Trust: 0.8
db:CNNVDid:CNNVD-200612-341
Trust: 0.6
db:BIDid:87261
Trust: 0.4
db:VULMONid:CVE-2006-6579
Trust: 0.1
sources:
            
            
            VULMON: CVE-2006-6579 // 
            
            
            
            BID: 87261 // 
            
            
            
            JVNDB: JVNDB-2006-002578 // 
            
            
            
            CNNVD: CNNVD-200612-341 // 
            
            
            
            NVD: CVE-2006-6579

REFERENCES
url:http://www.securityfocus.com/archive/1/454268/100/0/threaded
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-6579
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-6579
Trust: 0.8
url:http://www.securityfocus.com/archive/1/archive/1/454268/100/0/threaded
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/.html
Trust: 0.1
url:https://www.securityfocus.com/bid/87261
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            VULMON: CVE-2006-6579 // 
            
            
            
            BID: 87261 // 
            
            
            
            JVNDB: JVNDB-2006-002578 // 
            
            
            
            CNNVD: CNNVD-200612-341 // 
            
            
            
            NVD: CVE-2006-6579

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 87261

SOURCES
db:VULMONid:CVE-2006-6579
db:BIDid:87261
db:JVNDBid:JVNDB-2006-002578
db:CNNVDid:CNNVD-200612-341
db:NVDid:CVE-2006-6579

LAST UPDATE DATE
2024-08-14T15:35:54.385000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2006-6579date:2020-11-23T00:00:00
db:BIDid:87261date:2006-12-15T00:00:00
db:JVNDBid:JVNDB-2006-002578date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200612-341date:2020-11-24T00:00:00
db:NVDid:CVE-2006-6579date:2020-11-23T19:49:23.783

SOURCES RELEASE DATE
db:VULMONid:CVE-2006-6579date:2006-12-15T00:00:00
db:BIDid:87261date:2006-12-15T00:00:00
db:JVNDBid:JVNDB-2006-002578date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200612-341date:2006-12-15T00:00:00
db:NVDid:CVE-2006-6579date:2006-12-15T19:28:00