CVE-2006-2273

The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.

Date published : 2006-05-11

http://www.securityfocus.com/bid/17939

http://www.securityfocus.com/archive/1/433589/100/0/threaded