CVE-2006-4465 - Microsoft Terminal Server, when running an application session with the "Start program at logon" and

CVE-2006-4465

Summary

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

References

Vulnerable Configurations

cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 17-05-2024 - 00:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20060816 MS Terminal Server application session breakout 20060816 Re: MS Terminal Server application session breakout
misc	http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html
sreason	1486

Last major update

17-05-2024 - 00:30

Published

31-08-2006 - 20:04

Last modified

17-05-2024 - 00:30