Name:
MS.Visual.Studio.WMI.Object.Broker.Code.Execution
Released Date:
May 21 2008
Severity:
critical
CVE:
2006-4704
MS Bulletin:
MS06-073
Bugtraq:
20843

FortiGuard Center > Vulnerability Encyclopedia


In-Depth Analysis

Description
This indicates an attempt to exploit a vulnerability in the WMI Object Broker ActiveX control in Microsoft Visual Studio 2005.

This vulnerability is due to improper access control in the CreateObject function of the ActiveX control. By enticing the victim to visit a malicious web site, an attacker may possibly execute arbitrary code.
 
Impact
System compromise, arbitrary code execution.
 
Affected Products
Microsoft Visual Studio 2005 Team Edition for Testers 0
Microsoft Visual Studio 2005 Team Edition for Developers 0
Microsoft Visual Studio 2005 Team Edition for Architects 0
Microsoft Visual Studio 2005 Team Edition 0
Microsoft Visual Studio 2005 Standard Edition 0
Microsoft Visual Studio 2005 Professional Edition 0
Aliases
References
http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx
http://www.securityfocus.com/bid/20843
http://www.frsirt.com/english/advisories/2006/4282
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4704
Recommended Actions
Apply the appropriate patch.

Microsoft Visual Studio 2005 Team Edition 0:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en


Microsoft Visual Studio 2005 Team Edition for Architects 0:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en


Microsoft Visual Studio 2005 Standard Edition 0:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en


Microsoft Visual Studio 2005:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en


Microsoft Visual Studio 2005 Professional Edition 0:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en


Microsoft Visual Studio 2005 Team Edition for Developers 0:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en


Microsoft Visual Studio 2005 Team Edition for Testers 0:

Microsoft VS80-KB925674-X86.exe
http://www.microsoft.com/downloads/details.aspx?familyid=C2682C53-8E9A -4C7D-B782-BE78512DCBFA&displaylang=en

 
 
SITE MAP  |  LEGAL NOTICES

      © 2003 FORTINET INC. ALL RIGHTS RESERVED