7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.9%
The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the “shell about dialog box” and clicking the “End-User License Agreement” link, which executes Notepad with the privileges of the program that displays the about box.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:office | microsoft office | eq | 2003 |
secunia.com/advisories/18859
securitytracker.com/id?1015631
www.kb.cert.org/vuls/id/739844
www.ryanstyle.com/alert/my/5/ms06_009_eng.html
www.securityfocus.com/archive/1/425141/100/0/threaded
www.securityfocus.com/bid/16643
www.vupen.com/english/advisories/2006/0578
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-009
exchange.xforce.ibmcloud.com/vulnerabilities/24492
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1595
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1650
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1664
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1688
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A727