Alias(es)Microsoft.RTF.Object.Package.Download.Attempt |
Release DateOct 10, 2006 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt to exploit the Dialogue Spoofing Vulnerability in Microsoft Windows Object Packager.The Windows Object Packager in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier does not properly handle file extensions that could allow remote attackers to execute arbitrary command by sending crafted file with embedded package object. |
Affected ProductsMicrosoft Windows XP Service Pack 1Microsoft Windows XP Service Pack 2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 Microsoft Windows Server 2003 Service Pack 1 Microsoft Windows Server 2003 (Itanium) Microsoft Windows Server 2003 SP1 (Itanium) Microsoft Windows Server 2003 x64 Edition |
Recommended ActionsApply patch, available from the web site:http://www.microsoft.com/technet/security/bulletin/MS06-065.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-4692 |
Reference/shttp://technet.microsoft.com/en-us/security/bulletin/MS06-065.mspx (MS-ID)http://www.frsirt.com/english/advisories/2006/3984 (FrSIRT) |
