Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2006-4704 | First vendor Publication | 2006-11-01 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 6.8 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4704 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:288 | |||
| Oval ID: | oval:org.mitre.oval:def:288 | ||
| Title: | WMI Object Broker Vulnerability | ||
| Description: | Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2006-4704 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Visual Studio |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Visual Studio 2005 WMI Object Broker vulnerability | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-09-20 | Internet Explorer COM CreateObject Code Execution |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 30155 | Microsoft Visual Studio WMI Object Broker ActiveX (WmiScriptUtils.dll) Unspec... |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID unicode access RuleID : 8370 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 8369 - Revision : 19 - Type : BROWSER-PLUGINS |
| 2017-09-19 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 44036 - Revision : 1 - Type : BROWSER-PLUGINS |
| 2017-09-19 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 44035 - Revision : 2 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 22003 - Revision : 5 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLS... RuleID : 20071 - Revision : 9 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-12-12 | Name : Arbitrary code can be executed on the remote host through the web browser. File : smb_nt_ms06-073.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:19:06 |
|
| 2024-11-28 12:10:00 |
|
| 2021-05-04 12:04:34 |
|
| 2021-04-22 01:05:13 |
|
| 2020-05-23 13:16:47 |
|
| 2020-05-23 00:18:23 |
|
| 2019-03-18 12:01:26 |
|
| 2018-10-18 00:19:41 |
|
| 2018-10-13 00:22:35 |
|
| 2017-10-11 09:23:45 |
|
| 2017-07-20 09:23:53 |
|
| 2016-04-26 15:04:07 |
|
| 2014-02-17 10:37:16 |
|
| 2014-01-19 21:23:33 |
|
| 2013-05-11 11:09:14 |
|
