Vulnerability Description
Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | All versions |
References
- http://www.securityfocus.com/archive/1/428970/100/0/threaded
- http://www.securityfocus.com/archive/1/429111/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25598
- http://www.securityfocus.com/archive/1/428970/100/0/threaded
- http://www.securityfocus.com/archive/1/429111/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25598
FAQ
What is CVE-2006-1476?
CVE-2006-1476 is a vulnerability with a CVSS score of 2.6 (LOW). Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assis...
How severe is CVE-2006-1476?
CVE-2006-1476 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1476?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Xp.