Windows Search Path Vulnerabilities in Apache Friends XAMPP
CVE-2006-4994

Currently unrated

Key Information:

Vendor

Apachefriends

Status
Xampp
Vendor
CVE Published:
26 September 2006

What is CVE-2006-4994?

Multiple unquoted Windows search path vulnerabilities exist in Apache Friends XAMPP 1.5.2, potentially allowing local users to escalate privileges through the execution of malicious program files located in %SYSTEMDRIVE%. This issue arises when XAMPP components, specifically FileZillaServer.exe, mysqld-nt.exe, Perl.exe, or xamppcontrol.exe, are run using unquoted 'Program Files' pathnames. An attacker could exploit this flaw to execute arbitrary code with elevated privileges.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-M...
mailing-listx_refsource_FULLDISC
http://secdev.zoller.lu/research/xamp1.htm
x_refsource_MISC
http://www.securityfocus.com/archive/1/434699/30/4860/thr...
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.