|
|||
Rule General Information |
---|
Release Date: | 2017-08-17 | |
Rule Name: | WEB-CLIENT Microsoft Visual Studio WMI Object Broker Activex Control Code Execution Vulnerability -4 (CVE-2006-4704) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows | |
Reference: | http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx MicrosoftSecurityBulletin:927709 MicrosoftSecurityBulletin:ms06-073 SecurityFocusBID:20797 SecurityFocusBID:20843 |
|
Solutions |
---|
Microsoft has released a patch MS06-073 to eliminate the vulnerability. The patch can be downloaded at http://www.microsoft.com/technet/security/bulletin/ms06-073.mspx |