CVE-2006-4704

{"id": "CVE-2006-4704", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-11-01T15:07:00.000", "references": [{"url": "http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx", "source": "secure@microsoft.com"}, {"url": "http://research.eeye.com/html/alerts/zeroday/20061031.html", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/22603", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1017142", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/854856", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.microsoft.com/technet/security/advisory/927709.mspx", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/454201/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/454969/100/200/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/20797", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/20843", "tags": ["Exploit"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-346A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/4282", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-047.html", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29915", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka \"WMI Object Broker Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en zonas cruzadas en el Control ActiveX (WmiScriptUtils.dll) del WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) en el Microsoft Visual Studio 2005 permite atacantes remotos evitar las restricciones de la zona de Internet y ejecutar c\u00f3digo de su elecci\u00f3n instanciando objetos peligrosos, tambi\u00e9n conocido como \"Vulnerabilidad WMI Object Broker\"."}], "lastModified": "2018-10-17T21:39:13.653", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EBED7535-0091-4B27-B261-384CEADFE362"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}