{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-01-31T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka \"Permissive Windows Services DACLs.\" NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "19313", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19313"}, {"name": "oval:org.mitre.oval:def:1671", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671"}, {"name": "1015765", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015765"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"}, {"name": "19238", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19238"}, {"name": "20060131 Windows Access Control Demystified", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"}, {"name": "VU#953860", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/953860"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID="}, {"tags": ["x_refsource_MISC"], "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"}, {"name": "win-auth-users-insecure-permissions(24463)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24463"}, {"name": "18756", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18756"}, {"name": "MS06-011", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011"}, {"name": "oval:org.mitre.oval:def:1696", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696"}, {"tags": ["x_refsource_MISC"], "url": "http://www.microsoft.com/technet/security/advisory/914457.mspx"}, {"name": "1015595", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015595"}, {"name": "ADV-2006-0417", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0417"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-0023", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka \"Permissive Windows Services DACLs.\" NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19313", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19313"}, {"name": "oval:org.mitre.oval:def:1671", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671"}, {"name": "1015765", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015765"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"}, {"name": "19238", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19238"}, {"name": "20060131 Windows Access Control Demystified", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"}, {"name": "VU#953860", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/953860"}, {"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID=", "refsource": "CONFIRM", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID="}, {"name": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf", "refsource": "MISC", "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"}, {"name": "win-auth-users-insecure-permissions(24463)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24463"}, {"name": "18756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18756"}, {"name": "MS06-011", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011"}, {"name": "oval:org.mitre.oval:def:1696", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696"}, {"name": "http://www.microsoft.com/technet/security/advisory/914457.mspx", "refsource": "MISC", "url": "http://www.microsoft.com/technet/security/advisory/914457.mspx"}, {"name": "1015595", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015595"}, {"name": "ADV-2006-0417", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0417"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:18:20.702Z"}, "title": "CVE Program Container", "references": [{"name": "19313", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19313"}, {"name": "oval:org.mitre.oval:def:1671", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671"}, {"name": "1015765", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015765"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"}, {"name": "19238", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19238"}, {"name": "20060131 Windows Access Control Demystified", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"}, {"name": "VU#953860", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/953860"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID="}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"}, {"name": "win-auth-users-insecure-permissions(24463)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24463"}, {"name": "18756", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18756"}, {"name": "MS06-011", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011"}, {"name": "oval:org.mitre.oval:def:1696", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.microsoft.com/technet/security/advisory/914457.mspx"}, {"name": "1015595", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015595"}, {"name": "ADV-2006-0417", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0417"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-0023", "datePublished": "2006-02-08T02:00:00.000Z", "dateReserved": "2005-11-30T00:00:00.000Z", "dateUpdated": "2024-08-07T16:18:20.702Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*", "matchCriteriaId": "B9687E6C-EDE9-42E4-93D0-C4144FEC917A", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*", "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka \"Permissive Windows Services DACLs.\" NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit."}, {"lang": "es", "value": "Microsoft Windows XP SP1 y SP2 anteriores a agosto de 2004, y posiblemente otros sistemas operativos y versiones, usa ACLs inseguras por defecto que permiten al grupo Usuarios autentificados ganar privilegios modificando informaci\u00f3n de configuraci\u00f3n cr\u00edtica de los servicios (1) Protocolo de Descubrimiento de Servicio Simple (SSDP) y (2) 'Plug and Play' Universal (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP y (6) servicios DnsCache, tcc \"DACLs de Servicios de Windows Permisivas\". NOTA: Los servicios NetBT, SCardSvr, DHCP, DnsCache ya requer\u00edan acceso privilegiado para acceder a la explotaci\u00f3n."}], "id": "CVE-2006-0023", "lastModified": "2026-04-16T00:27:16.627", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-08T02:18:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18756"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19238"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19313"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015595"}, {"source": "secure@microsoft.com", "url": "http://securitytracker.com/id?1015765"}, {"source": "secure@microsoft.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"}, {"source": "secure@microsoft.com", "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/953860"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.microsoft.com/technet/security/advisory/914457.mspx"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0417"}, {"source": "secure@microsoft.com", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID="}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011"}, {"source": "secure@microsoft.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24463"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/18756"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/19313"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015595"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015765"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/953860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.microsoft.com/technet/security/advisory/914457.mspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/423587/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID="}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1671"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1696"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}