CVE-2006-0023 Information

Description

Microsoft Windows XP SP1 and SP2 before August 2004 and possibly other operating systems and versions uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP) (2) Universal Plug and Play Device Host (UPnP) (3) NetBT (4) SCardSvr (5) DHCP and (6) DnsCache services aka \Permissive Windows Services DACLs.\ NOTE: the NetBT SCardSvr DHCP DnsCache already require privileged access to exploit.

Reference

http://secunia.com/advisories/18756 http://secunia.com/advisories/19238 http://secunia.com/advisories/19313 http://securitytracker.com/id?1015595 http://securitytracker.com/id?1015765 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf http://www.kb.cert.org/vuls/id/953860 http://www.microsoft.com/technet/security/advisory/914457.mspx http://www.securityfocus.com/archive/1/423587/100/0/threaded http://www.vupen.com/english/advisories/2006/0417 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=391523&RenditionID= https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-011 https://exchange.xforce.ibmcloud.com/vulnerabilities/24463 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1671 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1696