CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."

Exploit prediction scoring system (EPSS) score

EPSS Score 0.666

EPSS Ranking 98.6%

CVSS Severity

CVSS v2 Score 5.1

References

http://secunia.com/advisories/20717
http://secunia.com/secunia_research/2006-54/advisory/
http://securitytracker.com/id?1017037
http://www.kb.cert.org/vuls/id/703936
http://www.osvdb.org/29424
http://www.securityfocus.com/archive/1/448273/100/0/threaded
http://www.securityfocus.com/archive/1/448696/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20318
http://www.vupen.com/english/advisories/2006/3984
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496
http://secunia.com/advisories/20717
http://secunia.com/secunia_research/2006-54/advisory/
http://securitytracker.com/id?1017037
http://www.kb.cert.org/vuls/id/703936
http://www.osvdb.org/29424
http://www.securityfocus.com/archive/1/448273/100/0/threaded
http://www.securityfocus.com/archive/1/448696/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20318
http://www.vupen.com/english/advisories/2006/3984
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496

Products affected by CVE-2006-4692

Microsoft » Windows Server 2003 » Version: N/A

cpe:2.3:o:microsoft:windows_server_2003:-
Microsoft » Windows Xp » Version: N/A

cpe:2.3:o:microsoft:windows_xp:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-4692

Products

Pricing

Contact Us