CVE-2006-4692
Last modified
CVE-2006-4692 is a vulnerability of currently unknown severity. Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability.". EPSS estimates a 27.06% chance of exploitation in the next 30 days.
Description
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Windows Server 2003 | All versions | — |
| Microsoft | Windows Xp | All versions | Sp1 |
References
- http://secunia.com/advisories/20717Broken Link, Vendor Advisory
- http://secunia.com/secunia_research/2006-54/advisory/Broken Link, Vendor Advisory
- http://securitytracker.com/id?1017037Broken Link, Third Party Advisory, VDB Entry
- http://www.kb.cert.org/vuls/id/703936Third Party Advisory, US Government Resource
- http://www.osvdb.org/29424Broken Link
- http://www.securityfocus.com/archive/1/448273/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/448696/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/449179/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/20318Broken Link, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2006/3984Broken Link, Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065Patch, Vendor Advisory
- http://secunia.com/advisories/20717Broken Link, Vendor Advisory
- http://secunia.com/secunia_research/2006-54/advisory/Broken Link, Vendor Advisory
- http://securitytracker.com/id?1017037Broken Link, Third Party Advisory, VDB Entry
- http://www.kb.cert.org/vuls/id/703936Third Party Advisory, US Government Resource
- http://www.osvdb.org/29424Broken Link
- http://www.securityfocus.com/archive/1/448273/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/448696/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/449179/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/20318Broken Link, Third Party Advisory, VDB Entry
- http://www.vupen.com/english/advisories/2006/3984Broken Link, Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-4692?
How severe is CVE-2006-4692?
How do I fix CVE-2006-4692?
Are you affected by CVE-2006-4692?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST