exploitDog

CVE-2006-6578

Опубликовано: 15 дек. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

Ссылки

http://securityreason.com/securityalert/2036
Exploit
Third Party Advisory
http://www.securityfocus.com/archive/1/454268/100/0/threaded
Exploit
Third Party Advisory
VDB Entry
http://securityreason.com/securityalert/2036
Exploit
Third Party Advisory
http://www.securityfocus.com/archive/1/454268/100/0/threaded
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:internet_information_services:5.1:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.014

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-xm7g-hcv2-c226

github

почти 4 года назад

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

EPSS

Процентиль: 80%

0.014

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-noinfo