ID CVE-2006-2492
Summary Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
CVSS
Base: 7.6 (as of 12-10-2018 - 21:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2012-05-28T04:00:44.640-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
    family windows
    id oval:org.mitre.oval:def:1418
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft Word2003 Malformed Object Pointer Vulnerability
    version 4
  • accepted 2012-05-28T04:01:21.883-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
    family windows
    id oval:org.mitre.oval:def:1738
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft Word2002 Malformed Object Pointer Vulnerability
    version 4
  • accepted 2012-05-28T04:01:29.081-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
    family windows
    id oval:org.mitre.oval:def:2068
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft Word2000 Malformed Object Pointer Vulnerability
    version 4
refmap via4
bid 18037
cert
  • TA06-139A
  • TA06-164A
cert-vn VU#446012
confirm http://www.microsoft.com/technet/security/advisory/919637.mspx
misc
osvdb 25635
sectrack 1016130
secunia 20153
vupen ADV-2006-1872
xf word-code-execution(26556)
Last major update 12-10-2018 - 21:40
Published 20-05-2006 - 00:02
Last modified 12-10-2018 - 21:40
Back to Top