The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.
According to Microsoft:
Object Packager is a tool you can use to create a package that you can insert into a file.
Attackers can conceal the types of objects embedded within files, possibly misleading users into executing arbitrary code.
Apply an update
Do not open files from untrusted sources
Do not open files originating from unfamiliar or unexpected sources, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.
This issue was reported in Microsoft Security Bulletin MS06-065. Microsoft credits Andreas Sandblad of Secunia Research for reporting this vulnerability.
This document was written by Jeff Gennari.
|Date First Published:||2006-10-10|
|Date Last Updated:||2006-10-10 20:21 UTC|