OVAL Repository - View Definition: oval:org.mitre.oval:def:496

OVAL Repository > View Definition

View Definition

NEW SEARCH : BACK

Definition Id: oval:org.mitre.oval:def:496		Version: 3 Last Modified: 2011-04-22
Title:	Object Packager Dialogue Spoofing Vulnerability
Description:	Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
Family:	windows	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2006-4692
Platform(s):	Microsoft Windows XP Microsoft Windows Server 2003	Product(s):
Definition Synopsis:
WinXP,SP1 Microsoft Windows XP SP1 (32-bit) is installed AND The version of shdocvw.dll is less than 6.0.2800.1892 OR WinXP,SP2 Microsoft Windows XP SP2 or later is installed AND The version of shdocvw.dll is less than 6.0.2900.2987 OR WinXP,SP1 (64-bit) Microsoft Windows XP SP1 (64-bit) is installed AND The version of shdocvw.dll is less than 6.0.3790.2783 OR S03-Gold Microsoft Windows Server 2003 (x86) Gold is installed AND The version of shdocvw.dll is less than 6.0.3790.588 OR S03,SP1 Microsoft Windows Server 2003 SP1 (x86) is installed AND The version of shdocvw.dll is less than 6.0.3790.2783

NEW SEARCH : BACK

OVAL Repository

About the Repository

OVAL Repository Forum

Author’s Resources

Items of Interest