Executive Summary
Summary | |
---|---|
Title | Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution |
Informations | |||
---|---|---|---|
Name | KB927709 | First vendor Publication | 2006-10-31 |
Vendor | Microsoft | Last vendor Modification | 2006-12-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS06-073 to address this issue. For more information about this issue, including download links for an available security update, please review MS06-073. The vulnerability addressed is the Microsoft Visual Studio 2005 Vulnerability - CVE-2006-4704. |
Original Source
Url : http://www.microsoft.com/technet/security/advisory/927709.mspx |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:288 | |||
Oval ID: | oval:org.mitre.oval:def:288 | ||
Title: | WMI Object Broker Vulnerability | ||
Description: | Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-4704 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Visual Studio |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Visual Studio 2005 WMI Object Broker vulnerability | More info here |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30155 | Microsoft Visual Studio WMI Object Broker ActiveX (WmiScriptUtils.dll) Unspec... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLSID unicode access RuleID : 8370 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 8369 - Revision : 19 - Type : BROWSER-PLUGINS |
2017-09-19 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 44036 - Revision : 1 - Type : BROWSER-PLUGINS |
2017-09-19 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 44035 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer WMIScriptUtils.WMIObjectBroker2.1 ActiveX clsid a... RuleID : 22003 - Revision : 5 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Visual Studio WMIScriptUtils.WMIObjectBroker2.1 ActiveX CLS... RuleID : 20071 - Revision : 9 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-12-12 | Name : Arbitrary code can be executed on the remote host through the web browser. File : smb_nt_ms06-073.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 12:20:22 |
|