cvelistv5 - CVE-2006-0012

CVE-2006-0012 (GCVE-0-2006-0012)

Vulnerability from cvelistv5 – Published: 2006-04-12 00:00 – Updated: 2024-08-07 16:18

Summary

Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/bid/17464	vdb-entryx_refsource_BID
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://secunia.com/advisories/19606	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA06-101A.html	third-party-advisoryx_refsource_CERT
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://securitytracker.com/id?1015897	vdb-entryx_refsource_SECTRACK
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.osvdb.org/24516	vdb-entryx_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/641460	third-party-advisoryx_refsource_CERT-VN
	http://www.vupen.com/english/advisories/2006/1320	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T16:18:20.703Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "17464",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17464"
          },
          {
            "name": "oval:org.mitre.oval:def:1743",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
          },
          {
            "name": "19606",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19606"
          },
          {
            "name": "TA06-101A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
          },
          {
            "name": "win-explorer-com-code-execution(25554)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
          },
          {
            "name": "1015897",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1015897"
          },
          {
            "name": "MS06-015",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
          },
          {
            "name": "oval:org.mitre.oval:def:1191",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
          },
          {
            "name": "oval:org.mitre.oval:def:1764",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
          },
          {
            "name": "24516",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/24516"
          },
          {
            "name": "oval:org.mitre.oval:def:1448",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
          },
          {
            "name": "oval:org.mitre.oval:def:1679",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
          },
          {
            "name": "VU#641460",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/641460"
          },
          {
            "name": "ADV-2006-1320",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1320"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "17464",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17464"
        },
        {
          "name": "oval:org.mitre.oval:def:1743",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
        },
        {
          "name": "19606",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19606"
        },
        {
          "name": "TA06-101A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
        },
        {
          "name": "win-explorer-com-code-execution(25554)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
        },
        {
          "name": "1015897",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1015897"
        },
        {
          "name": "MS06-015",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
        },
        {
          "name": "oval:org.mitre.oval:def:1191",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
        },
        {
          "name": "oval:org.mitre.oval:def:1764",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
        },
        {
          "name": "24516",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/24516"
        },
        {
          "name": "oval:org.mitre.oval:def:1448",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
        },
        {
          "name": "oval:org.mitre.oval:def:1679",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
        },
        {
          "name": "VU#641460",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/641460"
        },
        {
          "name": "ADV-2006-1320",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1320"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0012",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "17464",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17464"
            },
            {
              "name": "oval:org.mitre.oval:def:1743",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
            },
            {
              "name": "19606",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19606"
            },
            {
              "name": "TA06-101A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
            },
            {
              "name": "win-explorer-com-code-execution(25554)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
            },
            {
              "name": "1015897",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1015897"
            },
            {
              "name": "MS06-015",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
            },
            {
              "name": "oval:org.mitre.oval:def:1191",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
            },
            {
              "name": "oval:org.mitre.oval:def:1764",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
            },
            {
              "name": "24516",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/24516"
            },
            {
              "name": "oval:org.mitre.oval:def:1448",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
            },
            {
              "name": "oval:org.mitre.oval:def:1679",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
            },
            {
              "name": "VU#641460",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/641460"
            },
            {
              "name": "ADV-2006-1320",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1320"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-0012",
    "datePublished": "2006-04-12T00:00:00",
    "dateReserved": "2005-11-09T00:00:00",
    "dateUpdated": "2024-08-07T16:18:20.703Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"294EBA01-147B-4DA0-937E-ACBB655EDE53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E8B7346-F2AA-434C-A048-7463EC1BB117\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE1A6107-DE00-4A1C-87FC-9E4015165B5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\", \"matchCriteriaId\": \"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE3DF901-734B-4956-9D22-FE4608A31DDA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"E69D0E21-8C62-403E-8097-2CA403CBBB1B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"A86C732B-6E92-46FB-B1E5-F0BA2F0D6D82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B127407D-AE50-4AFE-A780-D85B5AF44A2D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"986AE140-316D-4874-AEE2-3058A007D33F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"5D42E51C-740A-4441-8BAF-D073111B984C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"34ACB544-87DD-4D9A-99F0-A10F48C1EE05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1BC59CF-BA8A-4D4C-92A5-CFDA7ECD685F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"74AD256D-4BCE-41FB-AD73-C5C63A59A06D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B5F54BB-A80E-42F2-A700-82C1240E23D0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B518E945-5FDE-4A37-878D-6946653C91F7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D3B703C-79B2-4FA2-9E12-713AB977A880\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA733AD2-D948-46A0-A063-D29081A56F1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"799DA395-C7F8-477C-8BC7-5B4B88FB7503\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\", \"matchCriteriaId\": \"91D6D065-A28D-49DA-B7F4-38421FF86498\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*\", \"matchCriteriaId\": \"BC176BB0-1655-4BEA-A841-C4158167CC9B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"403945FA-8676-4D98-B903-48452B46F48F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*\", \"matchCriteriaId\": \"4BF263CB-4239-4DB0-867C-9069ED02CAD7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*\", \"matchCriteriaId\": \"49693FA0-BF34-438B-AFF2-75ACC8A6D2E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"6A05337E-18A5-4939-85A0-69583D9B5AD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*\", \"matchCriteriaId\": \"E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*\", \"matchCriteriaId\": \"7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\", \"matchCriteriaId\": \"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \\\"crafted files and directories,\\\" aka the \\\"Windows Shell Vulnerability.\\\"\"}]",
      "id": "CVE-2006-0012",
      "lastModified": "2024-11-21T00:05:27.837",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 5.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 4.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2006-04-12T00:02:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/19606\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1015897\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/641460\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/24516\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/17464\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-101A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1320\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25554\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://secunia.com/advisories/19606\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1015897\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/641460\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.osvdb.org/24516\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/17464\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-101A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.vupen.com/english/advisories/2006/1320\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/25554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-0012\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-04-12T00:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \\\"crafted files and directories,\\\" aka the \\\"Windows Shell Vulnerability.\\\"\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"294EBA01-147B-4DA0-937E-ACBB655EDE53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E8B7346-F2AA-434C-A048-7463EC1BB117\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE1A6107-DE00-4A1C-87FC-9E4015165B5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*\",\"matchCriteriaId\":\"83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE3DF901-734B-4956-9D22-FE4608A31DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"E69D0E21-8C62-403E-8097-2CA403CBBB1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A86C732B-6E92-46FB-B1E5-F0BA2F0D6D82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B127407D-AE50-4AFE-A780-D85B5AF44A2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"986AE140-316D-4874-AEE2-3058A007D33F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"5D42E51C-740A-4441-8BAF-D073111B984C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"34ACB544-87DD-4D9A-99F0-A10F48C1EE05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1BC59CF-BA8A-4D4C-92A5-CFDA7ECD685F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"74AD256D-4BCE-41FB-AD73-C5C63A59A06D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B5F54BB-A80E-42F2-A700-82C1240E23D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B518E945-5FDE-4A37-878D-6946653C91F7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D3B703C-79B2-4FA2-9E12-713AB977A880\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA733AD2-D948-46A0-A063-D29081A56F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"799DA395-C7F8-477C-8BC7-5B4B88FB7503\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*\",\"matchCriteriaId\":\"91D6D065-A28D-49DA-B7F4-38421FF86498\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*\",\"matchCriteriaId\":\"BC176BB0-1655-4BEA-A841-C4158167CC9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"403945FA-8676-4D98-B903-48452B46F48F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*\",\"matchCriteriaId\":\"4BF263CB-4239-4DB0-867C-9069ED02CAD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*\",\"matchCriteriaId\":\"49693FA0-BF34-438B-AFF2-75ACC8A6D2E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"6A05337E-18A5-4939-85A0-69583D9B5AD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*\",\"matchCriteriaId\":\"E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*\",\"matchCriteriaId\":\"7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*\",\"matchCriteriaId\":\"FB2BE2DE-7B06-47ED-A674-15D45448F357\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/19606\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1015897\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/641460\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/24516\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/17464\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-101A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1320\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25554\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://secunia.com/advisories/19606\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1015897\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/641460\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.osvdb.org/24516\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17464\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-101A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/1320\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/25554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-2QJQ-PX2F-X2Q2

Vulnerability from github – Published: 2022-05-01 06:37 – Updated: 2022-05-01 06:37

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-0012"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-04-12T00:02:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\"",
  "id": "GHSA-2qjq-px2f-x2q2",
  "modified": "2022-05-01T06:37:04Z",
  "published": "2022-05-01T06:37:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-0012"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19606"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1015897"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/641460"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/24516"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17464"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1320"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-148

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'explorateur de Microsoft Windows permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

L'explorateur de Microsoft Windows ne manipule pas correctement les objets de type COM (pour Component Object Model). L'architecture COM propre à Microsoft permet la manipulation d'objets par les applications installées sur le système. Dans le cas de l'explorateur, un utilisateur malveillant peut inciter l'utilisateur à se connecter à un serveur de fichiers (au moyen d'un lien sur un site web par exemple), et profiter de cette vulnérabilité pour exécuter du code arbitraire à distance.

Solution

Appliquer le correctif tel qu'indiqué dans le bulletin de sécurité Microsoft MS06-015 (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows 2000 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-015 du 11 avril 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027explorateur de Microsoft Windows ne manipule pas correctement les\nobjets de type COM (pour Component Object Model). L\u0027architecture COM\npropre \u00e0 Microsoft permet la manipulation d\u0027objets par les applications\ninstall\u00e9es sur le syst\u00e8me. Dans le cas de l\u0027explorateur, un utilisateur\nmalveillant peut inciter l\u0027utilisateur \u00e0 se connecter \u00e0 un serveur de\nfichiers (au moyen d\u0027un lien sur un site web par exemple), et profiter\nde cette vuln\u00e9rabilit\u00e9 pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nAppliquer le correctif tel qu\u0027indiqu\u00e9 dans le bulletin de s\u00e9curit\u00e9\nMicrosoft MS06-015 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0012"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-12T00:00:00.000000"
    },
    {
      "description": "modification du risque.",
      "revision_date": "2006-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027explorateur de Microsoft Windows permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans l\u0027explorateur de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-015 du 11 avril 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx"
    }
  ]
}

CERTA-2006-AVI-148

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans l'explorateur de Microsoft Windows permet à un utilisateur malveillant d'exécuter du code arbitraire à distance.

Description

Solution

Appliquer le correctif tel qu'indiqué dans le bulletin de sécurité Microsoft MS06-015 (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Windows Server 2003 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 2 ;
Microsoft	Windows	Microsoft Windows 2000 ;
Microsoft	Windows	Microsoft Windows XP Service Pack 1 ;
Microsoft	Windows	Microsoft Windows Server 2003 Service Pack 1.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-015 du 11 avril 2006

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows Server 2003 Service Pack 1.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nL\u0027explorateur de Microsoft Windows ne manipule pas correctement les\nobjets de type COM (pour Component Object Model). L\u0027architecture COM\npropre \u00e0 Microsoft permet la manipulation d\u0027objets par les applications\ninstall\u00e9es sur le syst\u00e8me. Dans le cas de l\u0027explorateur, un utilisateur\nmalveillant peut inciter l\u0027utilisateur \u00e0 se connecter \u00e0 un serveur de\nfichiers (au moyen d\u0027un lien sur un site web par exemple), et profiter\nde cette vuln\u00e9rabilit\u00e9 pour ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nAppliquer le correctif tel qu\u0027indiqu\u00e9 dans le bulletin de s\u00e9curit\u00e9\nMicrosoft MS06-015 (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-0012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-0012"
    }
  ],
  "links": [],
  "reference": "CERTA-2006-AVI-148",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-04-12T00:00:00.000000"
    },
    {
      "description": "modification du risque.",
      "revision_date": "2006-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027explorateur de Microsoft Windows permet \u00e0 un\nutilisateur malveillant d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans l\u0027explorateur de Microsoft Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-015 du 11 avril 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx"
    }
  ]
}

FKIE_CVE-2006-0012

Vulnerability from fkie_nvd - Published: 2006-04-12 00:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://secunia.com/advisories/19606	Patch, Vendor Advisory
secure@microsoft.com	http://securitytracker.com/id?1015897
secure@microsoft.com	http://www.kb.cert.org/vuls/id/641460	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.osvdb.org/24516
secure@microsoft.com	http://www.securityfocus.com/bid/17464
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-101A.html	US Government Resource
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/1320
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015
secure@microsoft.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/25554
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19606	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1015897
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/641460	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/24516
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17464
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-101A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1320
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/25554
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764

Impacted products

Vendor	Product	Version
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2000	*
microsoft	windows_2003_server	datacenter_64-bit
microsoft	windows_2003_server	enterprise
microsoft	windows_2003_server	enterprise
microsoft	windows_2003_server	enterprise_64-bit
microsoft	windows_2003_server	enterprise_64-bit
microsoft	windows_2003_server	r2
microsoft	windows_2003_server	r2
microsoft	windows_2003_server	r2
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard
microsoft	windows_2003_server	standard_64-bit
microsoft	windows_2003_server	web
microsoft	windows_2003_server	web
microsoft	windows_98	*
microsoft	windows_98se	*
microsoft	windows_me	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*
microsoft	windows_xp	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E545C63-FE9C-4CA1-AF0F-D999D84D2AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "294EBA01-147B-4DA0-937E-ACBB655EDE53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "4E8B7346-F2AA-434C-A048-7463EC1BB117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "BE1A6107-DE00-4A1C-87FC-9E4015165B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "83E7C4A0-78CF-4B56-82BF-EC932BDD8ADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BE3DF901-734B-4956-9D22-FE4608A31DDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "E69D0E21-8C62-403E-8097-2CA403CBBB1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "A86C732B-6E92-46FB-B1E5-F0BA2F0D6D82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "B127407D-AE50-4AFE-A780-D85B5AF44A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "986AE140-316D-4874-AEE2-3058A007D33F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "5D42E51C-740A-4441-8BAF-D073111B984C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
              "matchCriteriaId": "34ACB544-87DD-4D9A-99F0-A10F48C1EE05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C1BC59CF-BA8A-4D4C-92A5-CFDA7ECD685F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "74AD256D-4BCE-41FB-AD73-C5C63A59A06D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4B5F54BB-A80E-42F2-A700-82C1240E23D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3AC387D-BB23-4EB9-A7DA-6E3F5CD8EFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
              "matchCriteriaId": "B518E945-5FDE-4A37-878D-6946653C91F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "76BDFB16-D71F-4E33-83FD-F0F2AE2FAE7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
              "matchCriteriaId": "2D3B703C-79B2-4FA2-9E12-713AB977A880",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA733AD2-D948-46A0-A063-D29081A56F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
              "matchCriteriaId": "91D6D065-A28D-49DA-B7F4-38421FF86498",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
              "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
              "matchCriteriaId": "403945FA-8676-4D98-B903-48452B46F48F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
              "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
              "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
              "matchCriteriaId": "6A05337E-18A5-4939-85A0-69583D9B5AD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
              "matchCriteriaId": "E43BBC5A-057F-4BE2-B4BB-6791DDB0B9C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
              "matchCriteriaId": "7E439FA5-78BF-41B1-BAEC-C1C94CE86F2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
              "matchCriteriaId": "FB2BE2DE-7B06-47ED-A674-15D45448F357",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\""
    }
  ],
  "id": "CVE-2006-0012",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-04-12T00:02:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19606"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1015897"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/641460"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.osvdb.org/24516"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/17464"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.vupen.com/english/advisories/2006/1320"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1015897"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/641460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/24516"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17464"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/1320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-0012

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-0012

Aliases

CVE-2006-0012

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-0012",
    "description": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\"",
    "id": "GSD-2006-0012"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-0012"
      ],
      "details": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\"",
      "id": "GSD-2006-0012",
      "modified": "2023-12-13T01:19:50.937378Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-0012",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "17464",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17464"
          },
          {
            "name": "oval:org.mitre.oval:def:1743",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
          },
          {
            "name": "19606",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19606"
          },
          {
            "name": "TA06-101A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
          },
          {
            "name": "win-explorer-com-code-execution(25554)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
          },
          {
            "name": "1015897",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1015897"
          },
          {
            "name": "MS06-015",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
          },
          {
            "name": "oval:org.mitre.oval:def:1191",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
          },
          {
            "name": "oval:org.mitre.oval:def:1764",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
          },
          {
            "name": "24516",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/24516"
          },
          {
            "name": "oval:org.mitre.oval:def:1448",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
          },
          {
            "name": "oval:org.mitre.oval:def:1679",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
          },
          {
            "name": "VU#641460",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/641460"
          },
          {
            "name": "ADV-2006-1320",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1320"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-0012"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and \"crafted files and directories,\" aka the \"Windows Shell Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA06-101A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-101A.html"
            },
            {
              "name": "17464",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17464"
            },
            {
              "name": "19606",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19606"
            },
            {
              "name": "VU#641460",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/641460"
            },
            {
              "name": "24516",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/24516"
            },
            {
              "name": "1015897",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1015897"
            },
            {
              "name": "ADV-2006-1320",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/1320"
            },
            {
              "name": "win-explorer-com-code-execution(25554)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25554"
            },
            {
              "name": "oval:org.mitre.oval:def:1764",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1764"
            },
            {
              "name": "oval:org.mitre.oval:def:1743",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1743"
            },
            {
              "name": "oval:org.mitre.oval:def:1679",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1679"
            },
            {
              "name": "oval:org.mitre.oval:def:1448",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1448"
            },
            {
              "name": "oval:org.mitre.oval:def:1191",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1191"
            },
            {
              "name": "MS06-015",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2019-04-30T14:27Z",
      "publishedDate": "2006-04-12T00:02Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-0012 (GCVE-0-2006-0012)

GHSA-2QJQ-PX2F-X2Q2

CERTA-2006-AVI-148

Description

Solution

CERTA-2006-AVI-148

Description

Solution

FKIE_CVE-2006-0012

GSD-2006-0012

Tags

Sightings

Nomenclature