First published: Tue Oct 10 2006(Updated: )
Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows XP | =sp1 | |
Microsoft Windows 2003 Server | =sp1 | |
Microsoft Windows XP | =sp2 | |
Microsoft Windows Server 2003 | ||
Microsoft Windows Server 2003 | =sp1 | |
Microsoft Windows XP | =sp1 | |
Microsoft Windows XP | =sp2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.