Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0008

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-0008
Last Modified 28 Mar 2011 12:00:00
Published 14 Feb 2006 02:06:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0008

Summary

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server Datacenter 64-bit

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Standard 64-bit

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Xp

Application

  • Microsoft Office 2003


References

CERT-VN - VU#739844

BID - 16643

MS - MS06-009

SECTRACK - 1015631

SECUNIA - 18859

XF - win-korean-ime-privilege-elevation(24492)

VUPEN - ADV-2006-0578

BUGTRAQ - 20060215 Security advisory: Windows IME Vulnerability (MS06-009)

MISC - http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html


Last Updated: 27 May 2016 10:41:29