Content
(MS06-073) Microsoft Vulnerability Visual Studio 2005 Remote Code Execution (925674)
- Type
- Misconfiguration
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Website or e-mail with malicious content
- Rating
- High
- CVE reference
- CVE-2006-4704,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Visual Studio 2005,
- Windows XP SP0 - SP2,
- Windows 2003 SP0 - SP1,
- Windows 2000 SP4,
- Summary
- A vulnerability exists in Microsoft Visual Studio 2005 that may allow for remote code execution attacks. A user would have to visit a malicious website or open an HTML email for an attack to occur.
Tab Navigation
Description
Visual Studio is an integrated development environment developed by Microsoft. Internet Explorer (IE) is an industry-standard Web browser developed by Microsoft. The WMI Object is used by Visual Studio 2005 in its WMI Wizard feature. An unspecified vulnerability exists in Visual Studio 2005 that may allow for code execution. The vulnerability is exposed if the WMI Object Broker ActiveX control, included in WmiScriptUtils.dll, is enabled via the ActiveX Opt-in Feature in the Internet Zone of Internet Explorer. Remote attackers could exploit this vulnerability if they lured a victim running Internet Explorer on a malicious website or coerce them to open an HTML email.
McAfee Product Mitigation & Recommendations
Recommendations
Download and install the patch available from Microsoft(925674): http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-073) Microsoft Vulnerability Visual Studio 2005 Remote Code Execution (925674)
- Signature identifier:
- 4726
- Release date:
- 11/7/2006
- First released in:
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HTTP:Potential_Malicious_ActiveX_Detected
- Signature identifier:
- 0x4022F500
- Release date:
- 12/12/2006
- First released in:
- sigset 3.1.27
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
- Signature identifier:
- 3783
- Release date:
- 11/14/2006
- First released in:
- security content 792
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (2)
- Signature identifier:
- 3786
- Release date:
- 11/14/2006
- First released in:
- security content 792
McAfee Anti-Virus protection
The following A-V signature detects malware that is known to exploit this vulnerability
- Signature:
- Exploit-CVE2006-4704
- Release date:
- 11/6/2006
- First released in:
- DAT 4889
Additional Resources
Microsoft Security Advisory: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/927709.mspx
WMI Object Broker ActiveX Control bypasses ActiveX security model
http://www.kb.cert.org/vuls/id/854856
Microsoft Security Bulletin: Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674)
http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx
Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability
All Information
Timeline -
12/12/2006
Vendor has provided a patch.
12/12/2006
Vulnerability information has been publicly disclosed.
11/10/2006
Active exploitation has been found in the wild.
11/1/2006
Vulnerability information has been publicly disclosed.
10/31/2006
Vendor has provided information on the vulnerability.
10/30/2006
Technical exploitation information has been released.
Description -
Visual Studio is an integrated development environment developed by Microsoft. Internet Explorer (IE) is an industry-standard Web browser developed by Microsoft. The WMI Object is used by Visual Studio 2005 in its WMI Wizard feature. An unspecified vulnerability exists in Visual Studio 2005 that may allow for code execution. The vulnerability is exposed if the WMI Object Broker ActiveX control, included in WmiScriptUtils.dll, is enabled via the ActiveX Opt-in Feature in the Internet Zone of Internet Explorer. Remote attackers could exploit this vulnerability if they lured a victim running Internet Explorer on a malicious website or coerce them to open an HTML email.
McAfee Product Mitigation & Recommendations
Recommendations -
Download and install the patch available from Microsoft(925674): http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx
McAfee Product Mitigation
McAfee Foundstone
This Foundstone vulnerability check can be used to assess if your systems are vulnerable and is expected to accurately identify if a system is vulnerable in many enterprise environments.
- Signature:
- (MS06-073) Microsoft Vulnerability Visual Studio 2005 Remote Code Execution (925674)
- Signature identifier:
- 4726
- Release date:
- 11/7/2006
- First released in:
McAfee Intrushield
This signature provides coverage for this vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- HTTP:Potential_Malicious_ActiveX_Detected
- Signature identifier:
- 0x4022F500
- Release date:
- 12/12/2006
- First released in:
- sigset 3.1.27
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
- Signature identifier:
- 3783
- Release date:
- 11/14/2006
- First released in:
- security content 792
McAfee Host IPS
McAfee Host IPS is proactively protecting customers against all known exploits of this buffer overflow vulnerability. McAfee Avert Labs will continue to update our coverage, as needed, as new exploit vectors are discovered and as new threats emerge.
- Signature:
- Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (2)
- Signature identifier:
- 3786
- Release date:
- 11/14/2006
- First released in:
- security content 792
McAfee Anti-Virus protection
The following A-V signature detects malware that is known to exploit this vulnerability
- Signature:
- Exploit-CVE2006-4704
- Release date:
- 11/6/2006
- First released in:
- DAT 4889
Additional Resources
Additional Resources -
Microsoft Security Advisory: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/927709.mspx
WMI Object Broker ActiveX Control bypasses ActiveX security model
http://www.kb.cert.org/vuls/id/854856
Microsoft Security Bulletin: Vulnerability Visual Studio 2005 Could Allow Remote Code Execution (925674)
http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx
