OSVDB ID: 29424

Title: Microsoft Windows Object Packager File Extension Dialog Spoofing

Dates

Disclosure: Oct 10, 2006
Discovery: Jun 28, 2006
Exploit: Unknown
Solution: Oct 10, 2006

Description

Microsoft Windows Object Packager contains a flaw that may allow a malicious user to spoof the filename and the associated file type in the Packager security dialog. The issue is triggered when a slash character ('/') is included in the 'Command Line' property. It is possible that the flaw may allow execution of arbitrary shell commands, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft Corporation has released a patch to address this vulnerability.

Products

Microsoft Corporation

Windows

XP SP2
2003 Server x64
XP SP1
XP x64
2003 Server SP1

References

Credit

  • Andreas Sandblad - assecunia.com - Secunia Research


Direct URL: http://osvdb.org/29424