CVE-2006-4704

Published: Nov 1, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

Affected (1)

Products: Microsoft: Visual Studio .net

1 product

Visual Studio .net

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Visual Studio .net	Version 2005

References (34)

http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx

Source: secure@microsoft.com

http://research.eeye.com/html/alerts/zeroday/20061031.html

Source: secure@microsoft.com

http://secunia.com/advisories/22603

Source: secure@microsoft.com

Vendor Advisory

http://securitytracker.com/id?1017142

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/854856

Source: secure@microsoft.com

US Government Resource

http://www.microsoft.com/technet/security/advisory/927709.mspx

Source: secure@microsoft.com

Vendor Advisory

http://www.securityfocus.com/archive/1/454201/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/454969/100/200/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/20797

Source: secure@microsoft.com

http://www.securityfocus.com/bid/20843

Source: secure@microsoft.com

Exploit

http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf

Source: secure@microsoft.com

http://www.us-cert.gov/cas/techalerts/TA06-346A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2006/4282

Source: secure@microsoft.com

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-06-047.html

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/29915

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288

Source: secure@microsoft.com

http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx

Source: af854a3a-2127-422b-91ae-364da2661108

http://research.eeye.com/html/alerts/zeroday/20061031.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/22603

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1017142

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/854856

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.microsoft.com/technet/security/advisory/927709.mspx

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/archive/1/454201/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/454969/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20797

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20843

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.us-cert.gov/cas/techalerts/TA06-346A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2006/4282

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.zerodayinitiative.com/advisories/ZDI-06-047.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/29915

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.