OpenCVE

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows Server 2003 Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_server_2003:-:-::::::
	cpe:2.3:o:microsoft:windows_server_2003:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::

No data.

References

Link	Providers
http://secunia.com/advisories/20717
http://secunia.com/secunia_research/2006-54/advisory/
http://securitytracker.com/id?1017037
http://www.kb.cert.org/vuls/id/703936
http://www.osvdb.org/29424
http://www.securityfocus.com/archive/1/448273/100/0/threaded
http://www.securityfocus.com/archive/1/448696/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20318
http://www.vupen.com/english/advisories/2006/3984
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496

History

Tue, 15 Oct 2024 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2006-10-10T22:00:00

Updated: 2024-10-15T14:16:30.576Z

Reserved: 2006-09-11T00:00:00

Link: CVE-2006-4692

Vulnrichment

Updated: 2024-08-07T19:23:40.860Z

NVD

Status : Analyzed

Published: 2006-10-10T22:07:00.000

Modified: 2024-02-13T17:50:06.570

Link: CVE-2006-4692

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "29424", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29424"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#703936", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/703936"}, {"name": "20318", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20318"}, {"name": "MS06-065", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"name": "ADV-2006-3984", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"name": "20717", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20717"}, {"name": "oval:org.mitre.oval:def:496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}, {"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"name": "1017037", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017037"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-4692", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29424", "refsource": "OSVDB", "url": "http://www.osvdb.org/29424"}, {"name": "SSRT061264", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#703936", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/703936"}, {"name": "20318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20318"}, {"name": "MS06-065", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"name": "ADV-2006-3984", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"name": "http://secunia.com/secunia_research/2006-54/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"name": "HPSBST02161", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"name": "20717", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20717"}, {"name": "oval:org.mitre.oval:def:496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}, {"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"name": "1017037", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017037"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:40.860Z"}, "title": "CVE Program Container", "references": [{"name": "29424", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29424"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#703936", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/703936"}, {"name": "20318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20318"}, {"name": "MS06-065", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"name": "ADV-2006-3984", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"name": "20717", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20717"}, {"name": "oval:org.mitre.oval:def:496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}, {"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"name": "1017037", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017037"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-15T14:15:25.340433Z", "id": "CVE-2006-4692", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:16:30.576Z"}}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-4692", "datePublished": "2006-10-10T22:00:00", "dateReserved": "2006-09-11T00:00:00", "dateUpdated": "2024-10-15T14:16:30.576Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.osvdb.org/29424", "name": "29424", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://www.kb.cert.org/vuls/id/703936", "name": "VU#703936", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/20318", "name": "20318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065", "name": "MS06-065", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"]}, {"url": "http://www.vupen.com/english/advisories/2006/3984", "name": "ADV-2006-3984", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"]}, {"url": "http://secunia.com/secunia_research/2006-54/advisory/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded", "name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://secunia.com/advisories/20717", "name": "20717", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496", "name": "oval:org.mitre.oval:def:496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"]}, {"url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded", "name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"]}, {"url": "http://securitytracker.com/id?1017037", "name": "1017037", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:40.860Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2006-4692", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-15T14:15:25.340433Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-15T14:16:27.152Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-10T00:00:00", "references": [{"url": "http://www.osvdb.org/29424", "name": "29424", "tags": ["vdb-entry", "x_refsource_OSVDB"]}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://www.kb.cert.org/vuls/id/703936", "name": "VU#703936", "tags": ["third-party-advisory", "x_refsource_CERT-VN"]}, {"url": "http://www.securityfocus.com/bid/20318", "name": "20318", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065", "name": "MS06-065", "tags": ["vendor-advisory", "x_refsource_MS"]}, {"url": "http://www.vupen.com/english/advisories/2006/3984", "name": "ADV-2006-3984", "tags": ["vdb-entry", "x_refsource_VUPEN"]}, {"url": "http://secunia.com/secunia_research/2006-54/advisory/", "tags": ["x_refsource_MISC"]}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded", "name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://secunia.com/advisories/20717", "name": "20717", "tags": ["third-party-advisory", "x_refsource_SECUNIA"]}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496", "name": "oval:org.mitre.oval:def:496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"]}, {"url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded", "name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ"]}, {"url": "http://securitytracker.com/id?1017037", "name": "1017037", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2018-10-17T20:57:01"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.osvdb.org/29424", "name": "29424", "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "name": "SSRT061264", "refsource": "HP"}, {"url": "http://www.kb.cert.org/vuls/id/703936", "name": "VU#703936", "refsource": "CERT-VN"}, {"url": "http://www.securityfocus.com/bid/20318", "name": "20318", "refsource": "BID"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065", "name": "MS06-065", "refsource": "MS"}, {"url": "http://www.vupen.com/english/advisories/2006/3984", "name": "ADV-2006-3984", "refsource": "VUPEN"}, {"url": "http://secunia.com/secunia_research/2006-54/advisory/", "name": "http://secunia.com/secunia_research/2006-54/advisory/", "refsource": "MISC"}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "name": "HPSBST02161", "refsource": "HP"}, {"url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded", "name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "refsource": "BUGTRAQ"}, {"url": "http://secunia.com/advisories/20717", "name": "20717", "refsource": "SECUNIA"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496", "name": "oval:org.mitre.oval:def:496", "refsource": "OVAL"}, {"url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded", "name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "refsource": "BUGTRAQ"}, {"url": "http://securitytracker.com/id?1017037", "name": "1017037", "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4692", "STATE": "PUBLIC", "ASSIGNER": "secure@microsoft.com"}}}}, "cveMetadata": {"cveId": "CVE-2006-4692", "state": "PUBLISHED", "dateUpdated": "2024-10-15T14:16:30.576Z", "dateReserved": "2006-09-11T00:00:00", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2006-10-10T22:00:00", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*", "matchCriteriaId": "D8EAA5F2-20F2-4BE1-A41E-5FAFE69015C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumento en el Windows Object Packager de Microsoft Windows XP SP1 y SP2 y Server 2003 SP1 y anteriores permite a permite a usuarios autenticados remotamente ejecutar comandos de su elecci\u00f3n mediante un archivo manipulado con un car\u00e1cter \"/\" (barra o slash) en el nombre de fichero de la propiedad de l\u00ednea de comandos, seguido por una extensi\u00f3n de archivo v\u00e1lida, lo cual provoca que el comando anterior a la barra sea ejecutado, tambi\u00e9n conocida como \"Vulnerabilidad de Suplantaci\u00f3n de Di\u00e1logo en el Empaquetador de Objetos\"."}], "id": "CVE-2006-4692", "lastModified": "2024-02-13T17:50:06.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-10T22:07:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/20717"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017037"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/703936"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/29424"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20318"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}