The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system.
According to Microsoft:
Object Packager is a tool you can use to create a package that you can insert into a file.
Attackers can conceal the types of objects embedded within files, possibly misleading users into executing arbitrary code.
Apply an update
Do not open files from untrusted sources
Do not open files originating from unfamiliar or unexpected sources, including those received as email attachments or hosted on a web site. For more information, please see Using Caution with Email Attachments.
Microsoft Corporation Affected
Notified: October 10, 2006 Updated: October 10, 2006
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to http://www.microsoft.com/technet/security/bulletin/ms06-065.mspx.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
This issue was reported in Microsoft Security Bulletin MS06-065. Microsoft credits Andreas Sandblad of Secunia Research for reporting this vulnerability.
This document was written by Jeff Gennari.
|Date First Published:||2006-10-10|
|Date Last Updated:||2006-10-10 20:21 UTC|