{"vuid":"VU#703936","idnumber":"703936","name":"Microsoft Object Packager fails to properly display file types","keywords":["Microsoft","Object Packager","remote code execution","ms06-oct"],"overview":"The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.","clean_desc":"According to Microsoft: Object Packager is a tool you can use to create a package that you can insert into a file. The Object Packager fails to properly display the file types of embedded objects. According to Microsoft Security Bulletin MS06-065: An attacker could try to exploit the vulnerability by creating a specially crafted file and sending the file to a user on an affected system in email or by having them click on a link to receive the file. Once the file is received the user would then have to click on the embedded object within the file and accept a misleading dialogue indicating that the user is about access a different file type. More information is available in Microsoft Security Bulletin MS06-065.","impact":"Attackers can conceal the types of objects embedded within files, possibly misleading users into executing arbitrary code.","resolution":"Apply an update\nThis vulnerability is addressed in Microsoft Security Bulletin MS06-065.","workarounds":"Do not open files from untrusted sources\nDo not open files originating from unfamiliar or unexpected sources, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.","sysaffected":"","thanks":"This issue was reported in  Microsoft Security Bulletin MS06-065\n. Microsoft credits \nAndreas Sandblad of \nSecunia Research\n f\nor reporting \nthis vulnerability.","author":"This document was written by Jeff Gennari.","public":["http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx","http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/packager_what_is_obj_pkg.mspx?mfr=true"],"cveids":["CVE-2006-4692"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-05T19:48:03Z","publicdate":"2006-10-10T00:00:00Z","datefirstpublished":"2006-10-10T20:20:47Z","dateupdated":"2006-10-10T20:21:58Z","revision":18,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"2","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"20","cam_impact":"20","cam_easeofexploitation":"12","cam_attackeraccessrequired":"10","cam_scorecurrent":"9.9","cam_scorecurrentwidelyknown":"26.1","cam_scorecurrentwidelyknownexploited":"44.1","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":9.9,"vulnote":null}