CVE-2006-0008 — Microsoft Office vulnerability

CWE-2648 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.8%

top 26.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Windows 2003 Server

Timeline

PublishedFeb 14

Latest updateMay 1

Description

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server7 versions+6

▶NVDmicrosoft/office2003

Patches

Patch: secunia.com ↗Patch: securitytracker.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wjg5-m2mm-fgxq: The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and↗2022-05-01

▶

CVEList

CVE-2006-0008: The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and↗2006-02-14

▶