ID |
CVE-2006-3493
|
Summary |
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp2:*:*:*:*:*:*
-
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
|
CVSS |
Base: | 5.1 (as of 30-10-2018 - 16:25) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
refmap
via4
|
bid | 18905 | bugtraq | - 20060710 MS Word Unchecked Boundary Condition Vulnerability
- 20060711 Fuzzing Microsoft Office
| fulldisc | - 20060707 MS Word Unchecked Boundary Condition
- 20060707 MS Word Unchecked Boundary Condition Vulnerability - POC
- 20060711 Fuzzing Microsoft Office
| misc | http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx | sectrack | 1016453 | vupen | ADV-2006-2720 | xf | office-lscreateline-dos(27617) |
|
Last major update |
30-10-2018 - 16:25 |
Published |
10-07-2006 - 22:05 |
Last modified |
30-10-2018 - 16:25 |