CVE-2006-4704

Severity

68%

Complexity

86%

Confidentiality

106%

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 18 years ago

2006-11-01 15:07:00

Last updated 6 years ago

2018-10-17 21:39:00

Affected Software

Microsoft Visual Studio .NET 2005

2005

References

http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx

http://research.eeye.com/html/alerts/zeroday/20061031.html

22603

Vendor Advisory

1017142

VU#854856

US Government Resource

927709

Vendor Advisory

20061212 ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability

SSRT061288

20797

20843

Exploit

http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf

TA06-346A

US Government Resource

ADV-2006-4282

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-06-047.html

MS06-073

ie-wscriptshell-command-execution(29915)

oval:org.mitre.oval:def:288

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.