Lucene search

[email protected]CVE-2006-0187

HistoryJan 12, 2006 - 6:02 a.m.

CVE-2006-0187

2006-01-1206:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

microsoft visual studio

code execution

load event

user-defined control

malicious project file

8.1 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.

CPENameOperatorVersion
microsoft:visual_studio_.netmicrosoft visual studio .neteq2005

CPE	Name	Operator	Version
microsoft:visual_studio_.net	microsoft visual studio .net	eq	2005

References

secunia.com/advisories/18409

www.securityfocus.com/archive/1/421943/100/0/threaded

www.securityfocus.com/bid/16225

www.vupen.com/english/advisories/2006/0151

exchange.xforce.ibmcloud.com/vulnerabilities/24116

8.1 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.019 Low

EPSS

Percentile

88.5%

JSON

Related for CVE-2006-0187

prion1 cvelist1