CVE-2006-6578

3 documents3 sources
Severity
7.5HIGH
EPSS
1.4%
top 19.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Information Services
Timeline
PublishedDec 15
Latest updateMay 1

Description

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-xm7g-hcv2-c226: Microsoft Internet Information Services (IIS) 52022-05-01
CVEList
CVE-2006-6578: Microsoft Internet Information Services (IIS) 52006-12-15
CVE-2006-6578 (HIGH CVSS 7.5) | Microsoft Internet Information Serv | cvebase.io