===================================================================== CERT-Renater Note d'Information No. 2006/VULN556 _____________________________________________________________________ DATE : 13/12/2006 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running Visual Studio 2005. ====================================================================== MS06-073 - Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674) Affected Software: - Microsoft Visual Studio 2005 Full MS06-073 Advisory: http://www.microsoft.com/technet/security/Bulletin/MS06-073.mspx Vulerability Details WMI Object Broker Vulnerability CVE-2006-4704 A remote code execution vulnerability exists in the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005.An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================