CVE-2006-4704
⚪ Do wiadomości
Luka w skrypcie WMI w Microsoft Visual Studio 2005 pozwala na zdalne wykonanie kodu.
CVSS
6.8
EPSS
72.1%
Exploit
poc
Vendor
microsoft
Opis źródłowy (NVD)
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
exploit
Brak patcha
Źródła i daty
| Źródło | Wartość |
|---|---|
| NVD – CVSS | 6.8 |
| CISA KEV (aktywnie wykorzystywane) | Nie |
| FIRST EPSS (prawdopodobieństwo exploita) | 72.1% |
| Opublikowano (NVD) | 2006-11-01 15:07:00 UTC |
| Ostatnia modyfikacja (NVD) | 2026-04-23 00:35:47 UTC |
Referencje
- http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx (secure@microsoft.com)
- http://research.eeye.com/html/alerts/zeroday/20061031.html (secure@microsoft.com)
- http://secunia.com/advisories/22603 (secure@microsoft.com) [Vendor Advisory]
- http://securitytracker.com/id?1017142 (secure@microsoft.com)
- http://www.kb.cert.org/vuls/id/854856 (secure@microsoft.com) [US Government Resource]
- http://www.microsoft.com/technet/security/advisory/927709.mspx (secure@microsoft.com) [Vendor Advisory]
- http://www.securityfocus.com/archive/1/454201/100/0/threaded (secure@microsoft.com)
- http://www.securityfocus.com/archive/1/454969/100/200/threaded (secure@microsoft.com)
- http://www.securityfocus.com/bid/20797 (secure@microsoft.com)
- http://www.securityfocus.com/bid/20843 (secure@microsoft.com) [Exploit]
- http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf (secure@microsoft.com)
- http://www.us-cert.gov/cas/techalerts/TA06-346A.html (secure@microsoft.com) [US Government Resource]
- http://www.vupen.com/english/advisories/2006/4282 (secure@microsoft.com) [Vendor Advisory]
- http://www.zerodayinitiative.com/advisories/ZDI-06-047.html (secure@microsoft.com)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073 (secure@microsoft.com)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29915 (secure@microsoft.com)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288 (secure@microsoft.com)