| Name | MS.Visual.Studio.WMI.Object.Broker.ActiveX.Code.Execution |
| Last Updated Date | Dec 08, 2009 |
| Release Date | Nov 01, 2006 |
| Severity | Critical |
| Impact | System Comprise: Remote attackers can gain control of the vulnerable system. |
| Description | This indicates an attack attempt to exploit a memory-corruption vulnerability
in Microsoft Visual Studio.
The vulnerability is located in the WMI Object Broker ActiveX control through
misuse of the "CreateObject" function. It may allow remote attackers to execute
arbitrary code in the context of the application using the affected ActiveX
control. Failed exploit attempts will likely cause the program to crash,
resulting in a denial-of-service condition. |
| Affected Products | Microsoft Visual Studio 2005 Team Edition for Testers 0
Microsoft Visual Studio 2005 Team Edition for Developers 0
Microsoft Visual Studio 2005 Team Edition for Architects 0
Microsoft Visual Studio 2005 Team Edition 0
Microsoft Visual Studio 2005 Standard Edition 0
Microsoft Visual Studio 2005 Professional Edition 0 |
| Recommended Actions | Refer to the vendor's web site for the suggested workaround:
http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-4704
|
| Microsoft Bulletin ID | MS06-073 http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx |
| Reference/s | http://www.securityfocus.com/bid/20843 (BugTraq)
http://www.vupen.com/english/advisories/2006/4282 (FrSIRT)
http://www.zerodayinitiative.com/advisories/ZDI-06-047.html
|