Local File Access Vulnerability in Microsoft Windows XP
CVE-2006-6579

Currently unrated

Key Information:

Vendor
Microsoft
Status
Internet Information Server
Internet Information Services
Vendor
CVE Published:
15 December 2006

Summary

Microsoft Windows XP is affected by a local file access vulnerability due to inadequate permissions set for the %WINDIR%\pchealth\ERRORREP\QHEADLES directory. This configuration allows local users to read and write files in this directory, potentially leading to unauthorized access or modification of sensitive data. Exploitation can be achieved through an ASP shell that runs with the IWAM_machine account, which has write access, and can be read by accounts like IUSR_Machine, thereby increasing the risk of exploitation.

References

http://www.securityfocus.com/archive/1/454268/100/0/threaded
mailing-listx_refsource_BUGTRAQ

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.