Exploit-CVE2006-4704

Type: Trojan
SubType: Exploit
Discovery Date: 11/03/2006
Length: Varies
Minimum DAT: 4889 (11/06/2006)
Updated DAT: 4889 (11/06/2006)
Minimum Engine: 5.1.00
Description Added: 11/05/2006
Description Modified: 11/05/2006 7:19 PM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low

Characteristics

Exploit-CVE2006-4704 is a generic detection for HTML files that attempt to exploit an unpatched vulnerability in the Visual Studio 2005 WMI Broker Object ActiveX control (CVE-2006-4704), which can result in the execution of arbitrary code.

Known exploits have been detected as VBS/Psyme.

For more details on the vulnerability, see:

Symptoms

Internet Explorer will likely crash upon exploitation.  Any number of subsequent actions may be taken by the malware.

Method of Infection

Users may be lured (such as through spam or spim) to visit a malicious site.  Upon loading the web page, a vulnerable web browser will execute the payload.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A
