Check Point Advisories

Update Protection against Microsoft Management Console (MMC) Remote Code Execution Vulnerability (MS06-044)

Check Point Reference: CPAI-2006-114
Date Published: 11 Oct 2006
Severity: High
Last Updated: Thursday 03 May, 2007
Source: Microsoft Security Bulletin MS06-044
Industry Reference:CVE-2006-3643
US-CERT VU#927548
Protection Provided by:
Who is Vulnerable? Microsoft Windows 2000 SP4
Vulnerability Description Microsoft Management Console (MMC) is prone to a cross-site scripting (XSS) vulnerability. MMC is an application that allows a user to perform administrative tasks, configure Windows services and more. A remote attacker can exploit this vulnerability to execute arbitrary commands on an affected system.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS06-044
Vulnerability DetailsThis cross-site scripting vulnerability is due to an input validation error in MMC. HTML files in the MMC library can be directly referenced by Internet Explorer. A remote attacker can exploit this issue by convincing a user to enter a specially crafted web page or open a malicious e-mail message or HTML file. A successful exploitation of the vulnerability may result in arbitrary code execution on the target system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK