5.1

CVE-2006-4692

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."

Data is provided by the National Vulnerability Database (NVD)
MicrosoftWindows Server 2003 Version- Update-
MicrosoftWindows Server 2003 Version- Updatesp1
MicrosoftWindows Xp Version- Updatesp1
MicrosoftWindows Xp Version- Updatesp2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 66.64% 0.985
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.securityfocus.com/archive/1/449179/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://secunia.com/advisories/20717
Vendor Advisory
Broken Link
http://securitytracker.com/id?1017037
Third Party Advisory
Broken Link
VDB Entry
http://www.kb.cert.org/vuls/id/703936
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/448273/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/archive/1/448696/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/20318
Third Party Advisory
Broken Link
VDB Entry