Unrated severityNVD Advisory· Published Feb 14, 2006· Updated Jun 16, 2026

CVE-2006-0008

Description

The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Microsoft/Office4 versions
cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
- (no CPE)
Microsoft/Windows Server 200314 versions
cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*+ 13 more
- cpe:2.3:o:microsoft:windows_2003_server:datacenter_64-bit:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard_64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:sp1:*:*:*:*:*:*
- (no CPE)range: up to SP1
Microsoft/Windows Xp10 versions
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 9 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- (no CPE)range: SP1, SP2

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

secunia.com/advisories/18859nvdPatchVendor Advisory
securitytracker.com/idnvdPatch
www.securityfocus.com/bid/16643nvdPatch
www.kb.cert.org/vuls/id/739844nvdThird Party AdvisoryUS Government Resource
www.ryanstyle.com/alert/my/5/ms06_009_eng.htmlnvdVendor Advisory
www.vupen.com/english/advisories/2006/0578nvdVendor Advisory
www.securityfocus.com/archive/1/425141/100/0/threadednvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-009nvd
exchange.xforce.ibmcloud.com/vulnerabilities/24492nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1595nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1650nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1664nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1688nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A727nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000