CVE-2006-4704
6.8 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.96 High
EPSS
Percentile
99.5%
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka “WMI Object Broker Vulnerability.”
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft:visual_studio_.net | microsoft visual studio .net | eq | 2005 |
References
blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
research.eeye.com/html/alerts/zeroday/20061031.html
secunia.com/advisories/22603
securitytracker.com/id?1017142
www.kb.cert.org/vuls/id/854856
www.microsoft.com/technet/security/advisory/927709.mspx
www.securityfocus.com/archive/1/454201/100/0/threaded
www.securityfocus.com/archive/1/454969/100/200/threaded
www.securityfocus.com/bid/20797
www.securityfocus.com/bid/20843
www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
www.us-cert.gov/cas/techalerts/TA06-346A.html
www.vupen.com/english/advisories/2006/4282
www.zerodayinitiative.com/advisories/ZDI-06-047.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073
exchange.xforce.ibmcloud.com/vulnerabilities/29915
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288
Related
6.8 Medium
AI Score
Confidence
Low
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.96 High
EPSS
Percentile
99.5%