Threat Level: green Handler on Duty: Kevin Liston

SANS ISC: MS06-065: Remote Code Excution in Windows Object Packager - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS06-065: Remote Code Excution in Windows Object Packager
There exists a remote code execution vulnerability in Windows Object Packager (MS06-065) due to the way the application handles file extensions. A specially crafted file could be created that would execute code if a user was sent to a malicious website. However, there is quite a bit of user interaction required for this exploit to actually work. Enhanced Security Configuration for Windows 2003 will effectively mitigate this problem.

The CVE for this exploit is CVE-2006-4692 and will not likely see much action in the wild.
John

248 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!