CyberSec.Space Logo
Back to CVE Browser

CVE-2006-4465

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1030%
EPSS Percentile2.38th
PublishedAug 31, 2006
Last ModifiedApr 16, 2026

Vulnerability Description

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

Affected Platforms (CPE)

πŸ“¦
Microsoft

Terminal Server

All versions

References & Advisories

πŸ”— http://securityreason.com/securityalert/1486
πŸ”— http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html
πŸ”— http://www.securityfocus.com/archive/1/443364/100/200/threaded
πŸ”— http://www.securityfocus.com/archive/1/443428/100/200/threaded
πŸ”— http://securityreason.com/securityalert/1486
πŸ”— http://wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.html
πŸ”— http://www.securityfocus.com/archive/1/443364/100/200/threaded
πŸ”— http://www.securityfocus.com/archive/1/443428/100/200/threaded

Related Vulnerabilities

CVE-2004-090010.0

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of c...

CVE-2006-430910.0

VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and vi...

CVE-2002-136010.0

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified ...

CVE-2007-021710.0

The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code v...