CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
99.6%
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka “WMI Object Broker Vulnerability.”
Vendor | Product | Version | CPE |
---|---|---|---|
microsoft | visual_studio_.net | 2005 | cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:* |
blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
research.eeye.com/html/alerts/zeroday/20061031.html
secunia.com/advisories/22603
securitytracker.com/id?1017142
www.kb.cert.org/vuls/id/854856
www.microsoft.com/technet/security/advisory/927709.mspx
www.securityfocus.com/archive/1/454201/100/0/threaded
www.securityfocus.com/archive/1/454969/100/200/threaded
www.securityfocus.com/bid/20797
www.securityfocus.com/bid/20843
www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
www.us-cert.gov/cas/techalerts/TA06-346A.html
www.vupen.com/english/advisories/2006/4282
www.zerodayinitiative.com/advisories/ZDI-06-047.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073
exchange.xforce.ibmcloud.com/vulnerabilities/29915
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288