CVE-2006-6578

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

Published: Dec 15, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6578
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_services	5.1	5.1.x

http://securityreason.com/securityalert/2036
http://www.securityfocus.com/archive/1/454268/100/0/threaded

Vulnerability Database

289,697

CVE-2006-6578