Lucene search

[email protected]CVE-2006-3443

HistoryAug 09, 2006 - 1:04 a.m.

CVE-2006-3443

2006-08-0901:04:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2006-3443

untrusted search path vulnerability

winlogon

microsoft windows

user profile elevation of privilege vulnerability

6.7 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.0%

JSON

Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka “User Profile Elevation of Privilege Vulnerability.”

CPENameOperatorVersion
microsoft:windows_2000microsoft windows 2000eq*

CPE	Name	Operator	Version
microsoft:windows_2000	microsoft windows 2000	eq	*

References

secunia.com/advisories/21417

securitytracker.com/id?1016662

www.kb.cert.org/vuls/id/337244

www.securityfocus.com/bid/19375

www.vupen.com/english/advisories/2006/3216

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-051

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A155

6.7 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.005 Low

EPSS

Percentile

75.0%

JSON

Related for CVE-2006-3443

cert1 nessus1 securityvulns1