6.8 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
30.8%
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka “Permissive Windows Services DACLs.” NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:windows_xp | microsoft windows xp | eq | * |
secunia.com/advisories/18756
secunia.com/advisories/19238
secunia.com/advisories/19313
securitytracker.com/id?1015595
securitytracker.com/id?1015765
support.avaya.com/elmodocs2/security/ASA-2006-069.htm
www.cs.princeton.edu/~sudhakar/papers/winval.pdf
www.kb.cert.org/vuls/id/953860
www.microsoft.com/technet/security/advisory/914457.mspx
www.securityfocus.com/archive/1/423587/100/0/threaded
www.vupen.com/english/advisories/2006/0417
www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011
exchange.xforce.ibmcloud.com/vulnerabilities/24463
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696