1. CVE-Search
  2. CVE-2006-4704
ID CVE-2006-4704
Summary Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 17-10-2018 - 21:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
accepted 2007-02-20T13:40:14.308-05:00
class vulnerability
contributors
name Robert L. Hollis
organization ThreatGuard, Inc.
definition_extensions
comment Microsoft Visual Studio 2005 is installed.
oval oval:org.mitre.oval:def:426
description Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
family windows
id oval:org.mitre.oval:def:288
status accepted
submitted 2006-12-13T08:17:04
title WMI Object Broker Vulnerability
version 6
refmap via4
bid
  • 20797
  • 20843
bugtraq 20061212 ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
cert TA06-346A
cert-vn VU#854856
confirm http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
hp
  • HPSBST02180
  • SSRT061288
misc
mskb 927709
sectrack 1017142
secunia 22603
vupen ADV-2006-4282
xf ie-wscriptshell-command-execution(29915)
saint via4
bid 20843
description Microsoft Visual Studio 2005 WMI Object Broker vulnerability
id misc_vstudioax
osvdb 30155
title visual_studio_wmi_object_broker
type client
Last major update 17-10-2018 - 21:39
Published 01-11-2006 - 15:07
Last modified 17-10-2018 - 21:39
Back to Top