CVE-2006-6578

CVE Database · CVE-2006-6578

CVE-2006-6578

· N/AModified

CVSS v3.1

N/A

EPSS

6.64%

Published

Dec 15, 2006

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those arguments, as demonstrated using win.com when it is in a web directory with certain permissions.

Affected Products (1)

microsoft · internet_information_servicesvulnerable

References (4)

http://securityreason.com/securityalert/2036

ExploitThird Party Advisory

http://www.securityfocus.com/archive/1/454268/100/0/threaded

ExploitThird Party AdvisoryVDB Entry

http://securityreason.com/securityalert/2036

ExploitThird Party Advisory

http://www.securityfocus.com/archive/1/454268/100/0/threaded

ExploitThird Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs