5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.765 High
EPSS
Percentile
98.2%
The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.
According to Microsoft:
_Object Packager is a tool you can use to create a package that you can insert into a file. _
The Object Packager fails to properly display the file types of embedded objects. According to Microsoft Security Bulletin MS06-065:
An attacker could try to exploit the vulnerability by creating a specially crafted file and sending the file to a user on an affected system in email or by having them click on a link to receive the file. Once the file is received the user would then have to click on the embedded object within the file and accept a misleading dialogue indicating that the user is about access a different file type. _
More information is available in Microsoft Security Bulletin _MS06-065.
Attackers can conceal the types of objects embedded within files, possibly misleading users into executing arbitrary code.
Apply an update
This vulnerability is addressed in Microsoft Security Bulletin MS06-065.
Do not open files from untrusted sources
Do not open files originating from unfamiliar or unexpected sources, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.
703936
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: October 10, 2006 Updated: October 10, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to <http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23703936 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This issue was reported in Microsoft Security Bulletin MS06-065. Microsoft credits Andreas Sandblad of Secunia Research for reporting this vulnerability.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2006-4692 |
---|---|
Severity Metric: | 9.90 Date Public: |