CVE-2006-6578

Currently unrated

Key Information:

Vendor: Microsoft
Status: Internet Information Services
Vendor: CVE Published:; 15 December 2006

Summary

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

References

http://securityreason.com/securityalert/2036

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/454268/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 15, 2006
Vulnerability Reserved
Dec 15, 2006

Collectors

NVD DatabaseMitre Database