CVE-2006-6579

3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.2%

top 59.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedDec 15

Latest updateMay 1

Description

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server5.0+2

▶NVDmicrosoft/internet_information_services1.0, 2.0+1

🔴Vulnerability Details

GHSA

GHSA-pw4c-rvwh-9f35: Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows loca↗2022-05-01

▶

CVEList

CVE-2006-6579: Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows loca↗2006-12-15

▶