Back to search
CVE-2006-4692
Published: Oct 10, 2006
Modified: Oct 15, 2024
PUBLISHED
Description
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29424
vdb-entry
x_refsource_OSVDB
SSRT061264
vendor-advisory
x_refsource_HP
VU#703936
third-party-advisory
x_refsource_CERT-VN
20318
vdb-entry
x_refsource_BID
MS06-065
vendor-advisory
x_refsource_MS
ADV-2006-3984
vdb-entry
x_refsource_VUPEN
http://secunia.com/secunia_research/2006-54/advisory/
x_refsource_MISC
HPSBST02161
vendor-advisory
x_refsource_HP
20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing
mailing-list
x_refsource_BUGTRAQ
20717
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:496
vdb-entry
signature
x_refsource_OVAL
20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing
mailing-list
x_refsource_BUGTRAQ
1017037
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now