CVE-2006-4692 - OpenCVE

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows Server 2003 Windows Xp

Configuration 1 [-]

OR	cpe:2.3:o:microsoft:windows_server_2003:-:-::::::
	cpe:2.3:o:microsoft:windows_server_2003:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp1::::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2::::::

No data.

References

Link	Providers
http://secunia.com/advisories/20717
http://secunia.com/secunia_research/2006-54/advisory/
http://securitytracker.com/id?1017037
http://www.kb.cert.org/vuls/id/703936
http://www.osvdb.org/29424
http://www.securityfocus.com/archive/1/448273/100/0/threaded
http://www.securityfocus.com/archive/1/448696/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20318
http://www.vupen.com/english/advisories/2006/3984
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496

History

No history.

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2006-10-10T22:00:00

Updated: 2024-08-07T19:23:40.860Z

Reserved: 2006-09-11T00:00:00

Link: CVE-2006-4692

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2006-10-10T22:07:00.000

Modified: 2024-02-13T17:50:06.570

Link: CVE-2006-4692

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-10T00:00:00", "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "29424", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29424"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#703936", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/703936"}, {"name": "20318", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20318"}, {"name": "MS06-065", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"name": "ADV-2006-3984", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"name": "20717", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20717"}, {"name": "oval:org.mitre.oval:def:496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}, {"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"name": "1017037", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017037"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-4692", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29424", "refsource": "OSVDB", "url": "http://www.osvdb.org/29424"}, {"name": "SSRT061264", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#703936", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/703936"}, {"name": "20318", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20318"}, {"name": "MS06-065", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"name": "ADV-2006-3984", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"name": "http://secunia.com/secunia_research/2006-54/advisory/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"name": "HPSBST02161", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"name": "20717", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20717"}, {"name": "oval:org.mitre.oval:def:496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}, {"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"name": "1017037", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017037"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:40.860Z"}, "title": "CVE Program Container", "references": [{"name": "29424", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29424"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "VU#703936", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/703936"}, {"name": "20318", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20318"}, {"name": "MS06-065", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"name": "ADV-2006-3984", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "20061014 Re: Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"name": "20717", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20717"}, {"name": "oval:org.mitre.oval:def:496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}, {"name": "20061011 Secunia Research: Microsoft Windows Object Packager Dialog Spoofing", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"name": "1017037", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017037"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-4692", "datePublished": "2006-10-10T22:00:00", "dateReserved": "2006-09-11T00:00:00", "dateUpdated": "2024-08-07T19:23:40.860Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*", "matchCriteriaId": "D8EAA5F2-20F2-4BE1-A41E-5FAFE69015C8", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "43D64F8D-975A-4A5B-BEDF-D27D65C96A29", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "2572F7E5-75A3-4C11-866B-A4E9ADBD8D08", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "34DF3B5E-F17F-49B4-9DC8-06749F3C9CC3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a \"/\" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka \"Object Packager Dialogue Spoofing Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n de argumento en el Windows Object Packager de Microsoft Windows XP SP1 y SP2 y Server 2003 SP1 y anteriores permite a permite a usuarios autenticados remotamente ejecutar comandos de su elecci\u00f3n mediante un archivo manipulado con un car\u00e1cter \"/\" (barra o slash) en el nombre de fichero de la propiedad de l\u00ednea de comandos, seguido por una extensi\u00f3n de archivo v\u00e1lida, lo cual provoca que el comando anterior a la barra sea ejecutado, tambi\u00e9n conocida como \"Vulnerabilidad de Suplantaci\u00f3n de Di\u00e1logo en el Empaquetador de Objetos\"."}], "id": "CVE-2006-4692", "lastModified": "2024-02-13T17:50:06.570", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-10T22:07:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/20717"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/secunia_research/2006-54/advisory/"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017037"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/703936"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/29424"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/448273/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/448696/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20318"}, {"source": "secure@microsoft.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3984"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}