Vulnerability CVE-2006-0008

Vulnerability Name:

CVE-2006-0008 (CCN-24492)

Assigned:

2005-11-09

Published:

2006-02-14

Updated:

2018-10-30

Summary:

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-264

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2006-0008

Source: CCN
Type: SA18859
Microsoft Windows / Office Korean Input Method Editor Vulnerability

Source: SECUNIA
Type: Patch, Vendor Advisory
18859

Source: CCN
Type: SECTRACK ID: 1015631
Microsoft Office Korean Input Method Editor Lets Local Users Gain Elevated Privileges

Source: SECTRACK
Type: Patch
1015631

Source: CCN
Type: ASA-2006-047
Windows Security Updates for February 2006 - (MS06-004 to MS06-010)

Source: CCN
Type: US-CERT VU#739844
Microsoft Windows Korean Input Method Editor vulnerability

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#739844

Source: CCN
Type: Microsoft Security Bulletin MS06-009
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)

Source: MISC
Type: Vendor Advisory
http://www.ryanstyle.com/alert/my/5/ms06_009_eng.html

Source: BUGTRAQ
Type: UNKNOWN
20060215 Security advisory: Windows IME Vulnerability (MS06-009)

Source: BID
Type: Patch
16643

Source: CCN
Type: BID-16643
Microsoft Windows Korean Input Method Editor Privilege Escalation Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0578

Source: MS
Type: UNKNOWN
MS06-009

Source: XF
Type: UNKNOWN
win-korean-ime-privilege-elevation(24492)

Source: XF
Type: UNKNOWN
win-korean-ime-privilege-elevation(24492)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1595

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1650

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1664

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1688

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:727

Vulnerable Configuration:

Configuration 1:

cpe:/a:microsoft:office:2003:*:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2003:sp1:*:*:*:*:*:*

OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:*

Configuration 2:

cpe:/o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

OR cpe:/o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

Configuration CCN 1:

cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server::x64:*:*:*:*:*

OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*

OR cpe:/o:microsoft:windows_2003_server:-::~~~~itanium~:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1:*:*:*:*:*:*

OR cpe:/o:microsoft:windows:2003_server:sp1_itanium:*:*:*:*:*:*

OR cpe:/a:microsoft:windows_2003:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:1688	V	Korean IME Privilege Elevation Vulnerability in Server 2003,SP1	2011-05-16
oval:org.mitre.oval:def:1595	V	Korean IME Privilege Elevation Vulnerability in 64-bit Windows XP	2011-05-16
oval:org.mitre.oval:def:1650	V	Korean IME Privilege Elevation Vulnerability in Server 2003	2011-05-16
oval:org.mitre.oval:def:727	V	Korean IME Privilege Elevation Vulnerability in Office 2003 and Accessories	2011-05-09
oval:org.mitre.oval:def:1664	V	Korean IME Privilege Elevation Vulnerability in Windows XP	2011-05-09

BACK