CVE-2006-3209 - The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permis

CVE-2006-3209

Summary

The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation

References

http://securityreason.com/securityalert/1137
http://www.securityfocus.com/archive/1/436884/100/200/threaded
http://www.securityfocus.com/archive/1/436810/100/200/threaded

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*

CVSS

Base:	7.2 (as of 17-05-2024 - 00:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:L/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bugtraq	20060612 Re: Windows XP Task Scheduler Local Privilege Escalation (Advisory) 20060612 Windows XP Task Scheduler Local Privilege Escalation (Advisory)
sreason	1137

Last major update

17-05-2024 - 00:29

Published

24-06-2006 - 01:06

Last modified

17-05-2024 - 00:29