CVE-2006-2492

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
References
Link Resource
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx Broken Link
http://isc.sans.org/diary.php?storyid=1345 Exploit
http://isc.sans.org/diary.php?storyid=1346 Exploit
http://secunia.com/advisories/20153 Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1016130 Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/446012 Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspx Broken Link Patch Vendor Advisory
http://www.osvdb.org/25635 Broken Link
http://www.securityfocus.com/bid/18037 Broken Link Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-139A.html Broken Link Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.html Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1872 Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 Broken Link
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx Broken Link
http://isc.sans.org/diary.php?storyid=1345 Exploit
http://isc.sans.org/diary.php?storyid=1346 Exploit
http://secunia.com/advisories/20153 Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1016130 Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/446012 Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspx Broken Link Patch Vendor Advisory
http://www.osvdb.org/25635 Broken Link
http://www.securityfocus.com/bid/18037 Broken Link Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-139A.html Broken Link Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.html Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1872 Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 Broken Link
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:works_suite:*:*:*:*:*:*:*:*

History

21 Nov 2024, 00:11

Type Values Removed Values Added
References () http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx - Broken Link () http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx - Broken Link
References () http://isc.sans.org/diary.php?storyid=1345 - Exploit () http://isc.sans.org/diary.php?storyid=1345 - Exploit
References () http://isc.sans.org/diary.php?storyid=1346 - Exploit () http://isc.sans.org/diary.php?storyid=1346 - Exploit
References () http://secunia.com/advisories/20153 - Broken Link, Patch, Vendor Advisory () http://secunia.com/advisories/20153 - Broken Link, Patch, Vendor Advisory
References () http://securitytracker.com/id?1016130 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1016130 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.kb.cert.org/vuls/id/446012 - Third Party Advisory, US Government Resource () http://www.kb.cert.org/vuls/id/446012 - Third Party Advisory, US Government Resource
References () http://www.microsoft.com/technet/security/advisory/919637.mspx - Broken Link, Patch, Vendor Advisory () http://www.microsoft.com/technet/security/advisory/919637.mspx - Broken Link, Patch, Vendor Advisory
References () http://www.osvdb.org/25635 - Broken Link () http://www.osvdb.org/25635 - Broken Link
References () http://www.securityfocus.com/bid/18037 - Broken Link, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/18037 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA06-139A.html - Broken Link, Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-139A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.us-cert.gov/cas/techalerts/TA06-164A.html - Broken Link, Third Party Advisory, US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-164A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2006/1872 - Broken Link () http://www.vupen.com/english/advisories/2006/1872 - Broken Link
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 - Patch, Vendor Advisory () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 - Broken Link () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 - Broken Link

28 Jun 2024, 14:15

Type Values Removed Values Added
References () http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx - () http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx - Broken Link
References () http://isc.sans.org/diary.php?storyid=1345 - () http://isc.sans.org/diary.php?storyid=1345 - Exploit
References () http://isc.sans.org/diary.php?storyid=1346 - () http://isc.sans.org/diary.php?storyid=1346 - Exploit
References () http://secunia.com/advisories/20153 - Patch, Vendor Advisory () http://secunia.com/advisories/20153 - Broken Link, Patch, Vendor Advisory
References () http://securitytracker.com/id?1016130 - () http://securitytracker.com/id?1016130 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.kb.cert.org/vuls/id/446012 - US Government Resource () http://www.kb.cert.org/vuls/id/446012 - Third Party Advisory, US Government Resource
References () http://www.microsoft.com/technet/security/advisory/919637.mspx - () http://www.microsoft.com/technet/security/advisory/919637.mspx - Broken Link, Patch, Vendor Advisory
References () http://www.osvdb.org/25635 - () http://www.osvdb.org/25635 - Broken Link
References () http://www.securityfocus.com/bid/18037 - Patch () http://www.securityfocus.com/bid/18037 - Broken Link, Patch, Third Party Advisory, VDB Entry
References () http://www.us-cert.gov/cas/techalerts/TA06-139A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-139A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.us-cert.gov/cas/techalerts/TA06-164A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-164A.html - Broken Link, Third Party Advisory, US Government Resource
References () http://www.vupen.com/english/advisories/2006/1872 - () http://www.vupen.com/english/advisories/2006/1872 - Broken Link
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 - Patch, Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 - Third Party Advisory, VDB Entry
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 - Broken Link
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 - Broken Link
CPE cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:* cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:works_suite:*:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
CWE NVD-CWE-Other CWE-120
First Time Microsoft office
Microsoft works Suite
CVSS v2 : 7.6
v3 : unknown
v2 : 7.6
v3 : 8.8

Information

Published : 2006-05-20 00:02

Updated : 2024-11-21 00:11


NVD link : CVE-2006-2492

Mitre link : CVE-2006-2492

CVE.ORG link : CVE-2006-2492


JSON object : View

Products Affected

microsoft

  • office
  • works_suite
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')