CVE-2006-6579

Severity

44%

Complexity

34%

Confidentiality

106%

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Microsoft

First reported 18 years ago

2006-12-15 19:28:00

Last updated 6 years ago

2018-10-17 21:49:00

Affected Software

Microsoft IIS 1.0

1.0

Microsoft IIS 2.0

2.0

Microsoft IIS 3.0

3.0

Microsoft IIS 4.0

4.0

Microsoft Internet Information Server 4.0 Alpha

4.0

Microsoft IIS

References

20061213 ASP Cmd Shell On IIS 5.1

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.