CVE-2006-4695 - OpenCVE

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Office Web Components

Configuration 1 [-]

cpe:2.3:a:microsoft:office_web_components:2000:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=120585858807305&w=2
http://secunia.com/advisories/29328	Patch Vendor Advisory
http://www.kb.cert.org/vuls/id/654577	US Government Resource
http://www.securityfocus.com/bid/28135	Patch
http://www.securitytracker.com/id?1019580
http://www.us-cert.gov/cas/techalerts/TA08-071A.html	US Government Resource
http://www.vupen.com/english/advisories/2008/0849/references
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14227

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microsoft

Published: 2008-03-11T23:00:00

Updated: 2018-10-12T19:57:01

Reserved: 2006-09-11T00:00:00

Link: CVE-2006-4695

JSON object: View

NVD Information

Status : Modified

Published: 2006-12-31T05:00:00.000

Modified: 2018-10-12T21:41:23.937

Link: CVE-2006-4695

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka \"Office Web Components URL Parsing Vulnerability.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-12T19:57:01", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "MS08-017", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017"}, {"name": "ADV-2008-0849", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0849/references"}, {"name": "oval:org.mitre.oval:def:14227", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14227"}, {"name": "VU#654577", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/654577"}, {"name": "TA08-071A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"}, {"name": "1019580", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1019580"}, {"name": "SSRT080028", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"}, {"name": "HPSBST02320", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"}, {"name": "28135", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/28135"}, {"name": "29328", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29328"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-4695", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka \"Office Web Components URL Parsing Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS08-017", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017"}, {"name": "ADV-2008-0849", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0849/references"}, {"name": "oval:org.mitre.oval:def:14227", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14227"}, {"name": "VU#654577", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/654577"}, {"name": "TA08-071A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"}, {"name": "1019580", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019580"}, {"name": "SSRT080028", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"}, {"name": "HPSBST02320", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"}, {"name": "28135", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28135"}, {"name": "29328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29328"}]}}}}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-4695", "datePublished": "2008-03-11T23:00:00", "dateReserved": "2006-09-11T00:00:00", "dateUpdated": "2018-10-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office_web_components:2000:*:*:*:*:*:*:*", "matchCriteriaId": "A431CA59-8BD3-48CB-82BC-8FDCFE7440FA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka \"Office Web Components URL Parsing Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en determinados objetos COM en Microsoft Office Web Components 2000 permite a atacantes remotos asistidos por usuarios ejecutar c\u00f3digo de su elecci\u00f3n mediante URL manipuladas, tambi\u00e9n conocida como \"Vulnerabilidad en Office Web Components de an\u00e1lisis sint\u00e1ctico de URL\" (Office Web Components URL Parsing Vulnerability).\r\n"}], "id": "CVE-2006-4695", "lastModified": "2018-10-12T21:41:23.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-12-31T05:00:00.000", "references": [{"source": "secure@microsoft.com", "url": "http://marc.info/?l=bugtraq&m=120585858807305&w=2"}, {"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/29328"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/654577"}, {"source": "secure@microsoft.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/28135"}, {"source": "secure@microsoft.com", "url": "http://www.securitytracker.com/id?1019580"}, {"source": "secure@microsoft.com", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA08-071A.html"}, {"source": "secure@microsoft.com", "url": "http://www.vupen.com/english/advisories/2008/0849/references"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017"}, {"source": "secure@microsoft.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14227"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}