CVE-2006-4465

critical Microsoft
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
23.4%
Exploitation probability in 30 days
Top 4% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: August 31, 2006 (7195 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

CWE

NVD-CWE-Other

Affected Products

microsoft terminal server

References

🔗 securityreason.com 🔗 wklpc.blogspot.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com 🔗 securityreason.com