CVE-2006-0023

N/A Unknown
Published: February 08, 2006 Modified: April 16, 2026

Description

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, and DnsCache services already require privileged access to exploit.

References to Advisories, Solutions, and Tools

http://secunia.com/advisories/18756
Source: secure@microsoft.com
Patch Vendor Advisory
http://secunia.com/advisories/19238
Source: secure@microsoft.com
Vendor Advisory
http://secunia.com/advisories/19313
Source: secure@microsoft.com
Vendor Advisory
http://securitytracker.com/id?1015595
Source: secure@microsoft.com
http://securitytracker.com/id?1015765
Source: secure@microsoft.com
http://www.kb.cert.org/vuls/id/953860
Source: secure@microsoft.com
Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/914457.mspx
Source: secure@microsoft.com
Vendor Advisory
http://www.vupen.com/english/advisories/2006/0417
Source: secure@microsoft.com
Vendor Advisory
http://secunia.com/advisories/18756
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
http://secunia.com/advisories/19238
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/19313
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1015595
Source: af854a3a-2127-422b-91ae-364da2661108
http://securitytracker.com/id?1015765
Source: af854a3a-2127-422b-91ae-364da2661108
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.cs.princeton.edu/~sudhakar/papers/winval.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/953860
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/914457.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/423587/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.vupen.com/english/advisories/2006/0417
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24463
Source: af854a3a-2127-422b-91ae-364da2661108

32 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.8%
74th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

microsoft