=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN513
_____________________________________________________________________

DATE                      : 11/10/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows XP, Windows Server 2003 running
                            Windows Object Packager.

======================================================================
  http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx


MS06-065 - Vulnerability in Windows Object Packager Could Allow Remote
            Execution (924496)

Affected Software:

   - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
     Pack 2

   - Microsoft Windows XP Professional x64 Edition

   - Microsoft Windows Server 2003 and Microsoft Windows Server 2003
     Service Pack 1

   - Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
     Windows Server 2003 with SP1 for Itanium-based Systems

   - Microsoft Windows Server 2003 x64 Edition

Non-Affected Software:

    - Microsoft Windows 2000 Service Pack 4

- From Microsoft Security Bulletin MS06-065:

   Vulnerability Details:

   Object Packager Dialogue Spoofing Vulnerability - CVE-2006-4692:

   A remote code execution vulnerability exists in Windows Object Packager
   because of the way that file extensions are handled. An attacker could
   exploit the vulnerability by constructing a specially crafted file that could
   potentially allow remote code execution if a user visited a specially crafted
   Web site. An attacker who successfully exploited this vulnerability could
   take complete control of an affected system. However, significant user
   interaction is required to exploit this vulnerability.

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================


