QwikSec

Security Database

CVE

CWE

Training

CVE-2006-4704

Published: Nov 1, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20061212 ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability

mailing-list

x_refsource_BUGTRAQ

http://research.eeye.com/html/alerts/zeroday/20061031.html

x_refsource_MISC

vendor-advisory

x_refsource_MS

vendor-advisory

x_refsource_MSKB

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_VUPEN

oval:org.mitre.oval:def:288

vdb-entry

signature

x_refsource_OVAL

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_HP

third-party-advisory

x_refsource_CERT-VN

http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf

x_refsource_MISC

http://www.zerodayinitiative.com/advisories/ZDI-06-047.html

x_refsource_MISC

ie-wscriptshell-command-execution(29915)

vdb-entry

x_refsource_XF

http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.