Vulnerability Description
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Visual Studio .Net | 2005 |
References
- http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927
- http://research.eeye.com/html/alerts/zeroday/20061031.html
- http://secunia.com/advisories/22603Vendor Advisory
- http://securitytracker.com/id?1017142
- http://www.kb.cert.org/vuls/id/854856US Government Resource
- http://www.microsoft.com/technet/security/advisory/927709.mspxVendor Advisory
- http://www.securityfocus.com/archive/1/454201/100/0/threaded
- http://www.securityfocus.com/archive/1/454969/100/200/threaded
- http://www.securityfocus.com/bid/20797
- http://www.securityfocus.com/bid/20843Exploit
- http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
- http://www.us-cert.gov/cas/techalerts/TA06-346A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2006/4282Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-06-047.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-07
FAQ
What is CVE-2006-4704?
CVE-2006-4704 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Int...
How severe is CVE-2006-4704?
CVE-2006-4704 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4704?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Visual Studio .Net.