New Search

Object Packager Dialogue Spoofing Vulnerability

oval:org.mitre.oval:def:496

Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property followed by a valid file extension which causes the command before the slash to be executed aka "Object Packager Dialogue Spoofing Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2006-4692
Product(s):