FKIE_CVE-2006-4704

Vulnerability from fkie_nvd - Published: 2006-11-01 15:07 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
References
secure@microsoft.comhttp://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
secure@microsoft.comhttp://research.eeye.com/html/alerts/zeroday/20061031.html
secure@microsoft.comhttp://secunia.com/advisories/22603Vendor Advisory
secure@microsoft.comhttp://securitytracker.com/id?1017142
secure@microsoft.comhttp://www.kb.cert.org/vuls/id/854856US Government Resource
secure@microsoft.comhttp://www.microsoft.com/technet/security/advisory/927709.mspxVendor Advisory
secure@microsoft.comhttp://www.securityfocus.com/archive/1/454201/100/0/threaded
secure@microsoft.comhttp://www.securityfocus.com/archive/1/454969/100/200/threaded
secure@microsoft.comhttp://www.securityfocus.com/bid/20797
secure@microsoft.comhttp://www.securityfocus.com/bid/20843Exploit
secure@microsoft.comhttp://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
secure@microsoft.comhttp://www.us-cert.gov/cas/techalerts/TA06-346A.htmlUS Government Resource
secure@microsoft.comhttp://www.vupen.com/english/advisories/2006/4282Vendor Advisory
secure@microsoft.comhttp://www.zerodayinitiative.com/advisories/ZDI-06-047.html
secure@microsoft.comhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073
secure@microsoft.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/29915
secure@microsoft.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288
af854a3a-2127-422b-91ae-364da2661108http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
af854a3a-2127-422b-91ae-364da2661108http://research.eeye.com/html/alerts/zeroday/20061031.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22603Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017142
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/854856US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/927709.mspxVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/454201/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/454969/100/200/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20797
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20843Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.us-cert.gov/cas/techalerts/TA06-346A.htmlUS Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4282Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-06-047.html
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288
Impacted products
Vendor Product Version
microsoft visual_studio_.net 2005
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBED7535-0091-4B27-B261-384CEADFE362",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka \"WMI Object Broker Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en zonas cruzadas  en el Control ActiveX (WmiScriptUtils.dll) del  WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) en el Microsoft Visual Studio 2005 permite atacantes remotos evitar las restricciones de la zona de Internet y ejecutar c\u00f3digo de su elecci\u00f3n instanciando objetos peligrosos, tambi\u00e9n conocido como  \"Vulnerabilidad WMI Object Broker\"."
    }
  ],
  "id": "CVE-2006-4704",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-11-01T15:07:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "url": "http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://research.eeye.com/html/alerts/zeroday/20061031.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22603"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://securitytracker.com/id?1017142"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/854856"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/927709.mspx"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/454201/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/bid/20797"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20843"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4282"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-047.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29915"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://research.eeye.com/html/alerts/zeroday/20061031.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22603"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/854856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/927709.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/454201/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/20797"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.