Unrated severityNVD Advisory· Published Oct 10, 2006· Updated Apr 23, 2026
CVE-2006-4692
CVE-2006-4692
Description
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
Affected products
4cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_server_2003:-:-:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
12- docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-065nvdPatchVendor Advisory
- secunia.com/advisories/20717nvdBroken LinkVendor Advisory
- secunia.com/secunia_research/2006-54/advisory/nvdBroken LinkVendor Advisory
- securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.kb.cert.org/vuls/id/703936nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/archive/1/448273/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/448696/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/449179/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/20318nvdBroken LinkThird Party AdvisoryVDB Entry
- www.vupen.com/english/advisories/2006/3984nvdBroken LinkVendor Advisory
- www.osvdb.org/29424nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A496nvdBroken Link
News mentions
0No linked articles in our index yet.