CVE-2006-4704

N/A Unknown
Published: November 01, 2006 Modified: April 23, 2026
View on NVD

Description

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
Source: secure@microsoft.com
http://research.eeye.com/html/alerts/zeroday/20061031.html
Source: secure@microsoft.com
http://secunia.com/advisories/22603
Source: secure@microsoft.com
Vendor Advisory
http://securitytracker.com/id?1017142
Source: secure@microsoft.com
http://www.kb.cert.org/vuls/id/854856
Source: secure@microsoft.com
US Government Resource
http://www.microsoft.com/technet/security/advisory/927709.mspx
Source: secure@microsoft.com
Vendor Advisory
http://www.securityfocus.com/archive/1/454201/100/0/threaded
Source: secure@microsoft.com
http://www.securityfocus.com/archive/1/454969/100/200/threaded
Source: secure@microsoft.com
http://www.securityfocus.com/bid/20797
Source: secure@microsoft.com
http://www.securityfocus.com/bid/20843
Source: secure@microsoft.com
Exploit
http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
Source: secure@microsoft.com
http://www.us-cert.gov/cas/techalerts/TA06-346A.html
Source: secure@microsoft.com
US Government Resource
http://www.vupen.com/english/advisories/2006/4282
Source: secure@microsoft.com
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-047.html
Source: secure@microsoft.com
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073
Source: secure@microsoft.com
https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
Source: secure@microsoft.com
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288
Source: secure@microsoft.com
http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
http://research.eeye.com/html/alerts/zeroday/20061031.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/22603
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://securitytracker.com/id?1017142
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/854856
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.microsoft.com/technet/security/advisory/927709.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.securityfocus.com/archive/1/454201/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/archive/1/454969/100/200/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/20797
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/20843
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://www.securityfocus.com/data/vulnerabilities/exploits/0day_ie.pdf
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.us-cert.gov/cas/techalerts/TA06-346A.html
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.vupen.com/english/advisories/2006/4282
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-047.html
Source: af854a3a-2127-422b-91ae-364da2661108
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-073
Source: af854a3a-2127-422b-91ae-364da2661108
https://exchange.xforce.ibmcloud.com/vulnerabilities/29915
Source: af854a3a-2127-422b-91ae-364da2661108
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A288
Source: af854a3a-2127-422b-91ae-364da2661108

34 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
Exploitation Status
Not in CISA KEV

Affected Vendors

microsoft