Executive Summary

Summary
Title Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
Informations
Name KB927709 First vendor Publication 2006-10-31
Vendor Microsoft Last vendor Modification 2006-12-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score 6.8 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-073 to address this issue. For more information about this issue, including download links for an available security update, please review MS06-073. The vulnerability addressed is the Microsoft Visual Studio 2005 Vulnerability - CVE-2006-4704.

Resources:

You can provide feedback by completing the form by visiting the following Web site.

Customers in the United States and Canada can receive technical support from Microsoft Product Support Services. For more information about available support options, see the Microsoft Help and Support Web site.

International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit the International Support Web site.

The Microsoft TechNet Security Web site provides additional information about security in Microsoft products.


Original Source

Url : http://www.microsoft.com/technet/security/advisory/927709.mspx

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:288
 
Oval ID: oval:org.mitre.oval:def:288
Title: WMI Object Broker Vulnerability
Description: Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2006-4704
 Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s): Microsoft Visual Studio
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

SAINT Exploits

Description Link
Microsoft Visual Studio 2005 WMI Object Broker vulnerability More info here

Open Source Vulnerability Database (OSVDB)

Id Description
30155 Microsoft Visual Studio WMI Object Broker ActiveX (WmiScriptUtils.dll) Unspec...

Snort® IPS/IDS

Date Description
2014-01-10 WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID unicode access
RuleID : 8370 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a...
RuleID : 8369 - Revision : 19 - Type : BROWSER-PLUGINS
2017-09-19 Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a...
RuleID : 44036 - Revision : 1 - Type : BROWSER-PLUGINS
2017-09-19 Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a...
RuleID : 44035 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a...
RuleID : 22003 - Revision : 5 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLS...
RuleID : 20071 - Revision : 9 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2006-12-12 Name : Arbitrary code can be executed on the remote host through the web browser.
File : smb_nt_ms06-073.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-05-11 12:20:22
  • Multiple Updates