Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2006-0008
HistoryFeb 14, 2006 - 7:06 p.m.

CVE-2006-0008

2006-02-1419:06:00
CWE-264
[email protected]
web.nvd.nist.gov
26
cve-2006-0008
shellabout api
korean input method editor
microsoft windows
privilege escalation
notepad
security vulnerability
nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the “shell about dialog box” and clicking the “End-User License Agreement” link, which executes Notepad with the privileges of the program that displays the about box.

Affected configurations

NVD
Node
microsoftofficeMatch2003
OR
microsoftofficeMatch2003sp1
OR
microsoftofficeMatch2003sp2
Node
microsoftwindows_2003_serverMatchdatacenter_64-bitsp1
OR
microsoftwindows_2003_serverMatchenterprise64-bit
OR
microsoftwindows_2003_serverMatchenterprisesp1
OR
microsoftwindows_2003_serverMatchenterprise_64-bit
OR
microsoftwindows_2003_serverMatchenterprise_64-bitsp1
OR
microsoftwindows_2003_serverMatchr264-bit
OR
microsoftwindows_2003_serverMatchr2datacenter_64-bit
OR
microsoftwindows_2003_serverMatchr2sp1
OR
microsoftwindows_2003_serverMatchstandard64-bit
OR
microsoftwindows_2003_serverMatchstandardsp1
OR
microsoftwindows_2003_serverMatchstandard_64-bit
OR
microsoftwindows_2003_serverMatchweb
OR
microsoftwindows_2003_serverMatchwebsp1
OR
microsoftwindows_xp64-bit
OR
microsoftwindows_xphome
OR
microsoftwindows_xpmedia_center
OR
microsoftwindows_xpgoldprofessional
OR
microsoftwindows_xpsp1home
OR
microsoftwindows_xpsp1media_center
OR
microsoftwindows_xpsp2home
OR
microsoftwindows_xpsp2media_center
OR
microsoftwindows_xpsp2tablet_pc
CPENameOperatorVersion
microsoft:officemicrosoft officeeq2003

References

Related

nvd 1
cert 1
nessus 1
prion 1
securityvulns 1
cvelist 1
nvd
nvd
CVE-2006-0008
2006-02-14 19:06:00
cert
cert
Microsoft Windows Korean Input Method Editor vulnerability
2006-02-14 00:00:00
nessus
nessus
MS06-009: Vulnerability in Korean Input Method Could Allow Elevation of Privilege (901190)
2006-02-14 00:00:00
prion
prion
Input validation
2006-02-14 19:06:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-009 Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)
2006-02-15 00:00:00
cvelist
cvelist
CVE-2006-0008
2006-02-14 19:00:00

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.9%

JSON
Related for CVE-2006-0008
nvd1cert1nessus1prion1securityvulns1cvelist1