CVE-2006-4704

CVE Database · CVE-2006-4704

CVE-2006-4704

· N/AModified

CVSS v3.1

N/A

EPSS

42.58%

Published

Nov 1, 2006

Modified

Apr 22, 2026

Public PoC / Exploit (1)

All weaponized →

Exploit-DBMicrosoft Internet Explorer - COM CreateObject Code Execution (MS06-014/MS06-073) (Metasploit)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."

Affected Products (1)

microsoft · visual_studio_.netvulnerable

References (20)

http://blogs.technet.com/msrc/archive/2006/11/01/microsoft-security-advisory-927709-posted.aspx

http://research.eeye.com/html/alerts/zeroday/20061031.html

http://secunia.com/advisories/22603

Vendor Advisory

http://securitytracker.com/id?1017142

http://www.kb.cert.org/vuls/id/854856

US Government Resource

http://www.microsoft.com/technet/security/advisory/927709.mspx

Vendor Advisory

http://www.securityfocus.com/archive/1/454201/100/0/threaded

http://www.securityfocus.com/archive/1/454969/100/200/threaded

http://www.securityfocus.com/bid/20797

KEV Catalog EPSS Scores Vendors All CVEs