CVE-2006-4465 - Vulnerability Details - OpenCVE

Description

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

Published: 2006-08-31

Score: 10.0 Critical

EPSS: 23.4% Moderate

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

The EPSS score is 0.23355.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://securityreason.com/securityalert/1486
http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html
http://www.securityfocus.com/archive/1/443364/100/200/threaded
http://www.securityfocus.com/archive/1/443428/100/200/threaded

History

No history.

Subscriptions

Microsoft Terminal Server

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-31T20:00:00.000Z

Updated: 2024-08-07T19:14:47.092Z

Reserved: 2006-08-31T00:00:00.000Z

Link: CVE-2006-4465

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-08-31T20:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-4465

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-16T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft Terminal Server, when running an application session with the \"Start program at logon\" and \"Override settings from user profile and Client Connection Manager wizard\" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are \"a convenience to users\" and were not intended to restrict execution of arbitrary code"}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html"}, {"name": "20060816 Re: MS Terminal Server application session breakout", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/443428/100/200/threaded"}, {"name": "20060816 MS Terminal Server application session breakout", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/443364/100/200/threaded"}, {"name": "1486", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1486"}], "tags": ["disputed"], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4465", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "** DISPUTED ** Microsoft Terminal Server, when running an application session with the \"Start program at logon\" and \"Override settings from user profile and Client Connection Manager wizard\" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are \"a convenience to users\" and were not intended to restrict execution of arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html", "refsource": "MISC", "url": "http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html"}, {"name": "20060816 Re: MS Terminal Server application session breakout", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443428/100/200/threaded"}, {"name": "20060816 MS Terminal Server application session breakout", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/443364/100/200/threaded"}, {"name": "1486", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1486"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:14:47.092Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html"}, {"name": "20060816 Re: MS Terminal Server application session breakout", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/443428/100/200/threaded"}, {"name": "20060816 MS Terminal Server application session breakout", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/443364/100/200/threaded"}, {"name": "1486", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1486"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4465", "datePublished": "2006-08-31T20:00:00.000Z", "dateReserved": "2006-08-31T00:00:00.000Z", "dateUpdated": "2024-08-07T19:14:47.092Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "40242161-D5AD-4314-AB95-E61292C49DF2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "Microsoft Terminal Server, when running an application session with the \"Start program at logon\" and \"Override settings from user profile and Client Connection Manager wizard\" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are \"a convenience to users\" and were not intended to restrict execution of arbitrary code"}, {"lang": "es", "value": "** IMPUGNADA ** Microsoft Terminal Server, al ejecutar una sesi\u00f3n de aplicaci\u00f3n con las opciones \"Ejecutar programa al iniciar\" y \"Sobreescribir configuraci\u00f3n desde el perfil de usuario y el asistente de manejo de conexiones de cliente\", permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n forzando un error de Explorer. NOTA: un investigador de una tercera parte ha afirmado que las opciones son \"una conveniencia para los usuarios\" y que no est\u00e1n destinadas a restringir la ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2006-4465", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-31T20:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1486"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443364/100/200/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/443428/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443364/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/443428/100/200/threaded"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}