CVE-2006-6579

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.

Published: Dec 15, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6579
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / internet_information_server	-	5.0.x
microsoft / internet_information_server	3.0	3.0.x
microsoft / internet_information_server	4.0-alpha	4.0-alpha.x
microsoft / internet_information_server	4.0	4.0.x
microsoft / internet_information_services	1.0	1.0.x
microsoft / internet_information_services	2.0	2.0.x

http://www.securityfocus.com/archive/1/454268/100/0/threaded

Vulnerability Database

289,599

CVE-2006-6579