Vulnerability Details : CVE-2006-4692
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
Exploit prediction scoring system (EPSS) score for CVE-2006-4692
Probability of exploitation activity in the next 30 days: 76.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-4692
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
CWE ids for CVE-2006-4692
-
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.Assigned by: nvd@nist.gov (Primary)
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2006-4692
-
http://secunia.com/secunia_research/2006-54/advisory/
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://securitytracker.com/id?1017037
GoDaddy Domain Name SearchBroken Link;Third Party Advisory;VDB Entry
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065
Microsoft Security Bulletin MS06-065 - Moderate | Microsoft LearnPatch;Vendor Advisory
-
http://www.securityfocus.com/archive/1/449179/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
http://www.osvdb.org/29424
404 Not FoundBroken Link
-
http://www.kb.cert.org/vuls/id/703936
VU#703936 - Microsoft Object Packager fails to properly display file typesThird Party Advisory;US Government Resource
-
http://secunia.com/advisories/20717
About Secunia Research | FlexeraBroken Link;Vendor Advisory
-
http://www.securityfocus.com/archive/1/448273/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
http://www.vupen.com/english/advisories/2006/3984
Webmail: access your OVH emails on ovhcloud.com | OVHcloudBroken Link;Vendor Advisory
-
http://www.securityfocus.com/bid/20318
Broken Link;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/archive/1/448696/100/0/threaded
Broken Link;Third Party Advisory;VDB Entry
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496
404 Not FoundBroken Link
Products affected by CVE-2006-4692
- cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*