Arbitrary Code Execution in Microsoft Terminal Server for Local Users
CVE-2006-4465

Currently unrated

Key Information:

Vendor
Microsoft
Status
Terminal Server
Vendor
CVE Published:
31 August 2006

Summary

Microsoft Terminal Server, under specific configurations where 'Start program at logon' and 'Override settings from user profile and Client Connection Manager wizard' are enabled, could be exploited by local users. By forcing an error in the Explorer environment, unauthorized code execution becomes possible. While these settings were designed for user convenience, they inadvertently expose the server to potential security risks, allowing malicious actors to leverage them for executing arbitrary code.

References

http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server...
x_refsource_MISC
http://www.securityfocus.com/archive/1/443428/100/200/thr...
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/443364/100/200/thr...
mailing-listx_refsource_BUGTRAQ

EPSS Score

26% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2006-4465 : Arbitrary Code Execution in Microsoft Terminal Server for Local Users | SecurityVulnerability.io