Content
(MS06-065) Microsoft Object Packager Dialogue Spoofing Vulnerability (924496)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website with malicious content
- Rating
- Medium
- CVE reference
- CVE-2006-4692,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Windows XP Generic,
- Windows 2003 Generic,
- Windows 2000 Generic,
- Windows XP SP0 - SP2,
- Windows 2003 SP0 - SP1,
- Windows 2000 SP4,
- Summary
- A vulnerability exists in Microsoft Windows Object Packager that could allow for arbitrary code execution. This could be exploited by visitation to a website hosting a specially-crafted file or opening an email attachment that contained it.
Tab Navigation
Description
The Microsoft Windows Object Packager builds packages for insertion into files. A vulnerability exists in Windows Object Packager in the manner it that handles file extensions that may allow for arbitrary, remote code execution. The flaw lies in processing of improper file extensions and spoofing of the dialogue associated with the extension. Successful exploitation would involve coercing a victim to visit a malicious site or having the victim open an email that contains a malicious Excel file. Extensive user interaction would be required for this attack to be successful.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(924496): http://www.microsoft.com/technet/security/Bulletin/MS06-065.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-065) Microsoft Object Packager Dialogue Spoofing Vulnerability (924496)
- Signature identifier:
- 4677
- Release date:
- 10/10/2006
Additional Resources
Microsoft Security Bulletin: Vulnerability in Winodws Object Packager Could Allow Remote Execution (924496)
http://www.microsoft.com/technet/security/Bulletin/MS06-065.mspx
Vulnerability Summary CVE-2006-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4692
Microsoft Windows Object Packager Dialog Spoofing
All Information
Timeline -
10/11/2006
Vulnerability information has been publicly disclosed.
10/10/2006
Vendor has provided a patch.
10/10/2006
Vulnerability information has been publicly disclosed.
Description -
The Microsoft Windows Object Packager builds packages for insertion into files. A vulnerability exists in Windows Object Packager in the manner it that handles file extensions that may allow for arbitrary, remote code execution. The flaw lies in processing of improper file extensions and spoofing of the dialogue associated with the extension. Successful exploitation would involve coercing a victim to visit a malicious site or having the victim open an email that contains a malicious Excel file. Extensive user interaction would be required for this attack to be successful.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(924496): http://www.microsoft.com/technet/security/Bulletin/MS06-065.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-065) Microsoft Object Packager Dialogue Spoofing Vulnerability (924496)
- Signature identifier:
- 4677
- Release date:
- 10/10/2006
Additional Resources
Additional Resources -
Microsoft Security Bulletin: Vulnerability in Winodws Object Packager Could Allow Remote Execution (924496)
http://www.microsoft.com/technet/security/Bulletin/MS06-065.mspx
Vulnerability Summary CVE-2006-4692
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4692
