Unrated severityNVD Advisory· Published Aug 31, 2006· Updated Apr 16, 2026

CVE-2006-4465

Description

Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code

Affected products

Microsoft/Terminal Server
cpe:2.3:a:microsoft:terminal_server:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wklpc.blogspot.com/2006/08/easy-ms-terminal-server-desktop-hack.htmlnvdExploit
securityreason.com/securityalert/1486nvd
www.securityfocus.com/archive/1/443364/100/200/threadednvd
www.securityfocus.com/archive/1/443428/100/200/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.019
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000