Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:11
Type | Values Removed | Values Added |
---|---|---|
References | () http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx - Broken Link | |
References | () http://isc.sans.org/diary.php?storyid=1345 - Exploit | |
References | () http://isc.sans.org/diary.php?storyid=1346 - Exploit | |
References | () http://secunia.com/advisories/20153 - Broken Link, Patch, Vendor Advisory | |
References | () http://securitytracker.com/id?1016130 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.kb.cert.org/vuls/id/446012 - Third Party Advisory, US Government Resource | |
References | () http://www.microsoft.com/technet/security/advisory/919637.mspx - Broken Link, Patch, Vendor Advisory | |
References | () http://www.osvdb.org/25635 - Broken Link | |
References | () http://www.securityfocus.com/bid/18037 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | () http://www.us-cert.gov/cas/techalerts/TA06-139A.html - Broken Link, Third Party Advisory, US Government Resource | |
References | () http://www.us-cert.gov/cas/techalerts/TA06-164A.html - Broken Link, Third Party Advisory, US Government Resource | |
References | () http://www.vupen.com/english/advisories/2006/1872 - Broken Link | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 - Broken Link |
28 Jun 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References | () http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx - Broken Link | |
References | () http://isc.sans.org/diary.php?storyid=1345 - Exploit | |
References | () http://isc.sans.org/diary.php?storyid=1346 - Exploit | |
References | () http://secunia.com/advisories/20153 - Broken Link, Patch, Vendor Advisory | |
References | () http://securitytracker.com/id?1016130 - Broken Link, Third Party Advisory, VDB Entry | |
References | () http://www.kb.cert.org/vuls/id/446012 - Third Party Advisory, US Government Resource | |
References | () http://www.microsoft.com/technet/security/advisory/919637.mspx - Broken Link, Patch, Vendor Advisory | |
References | () http://www.osvdb.org/25635 - Broken Link | |
References | () http://www.securityfocus.com/bid/18037 - Broken Link, Patch, Third Party Advisory, VDB Entry | |
References | () http://www.us-cert.gov/cas/techalerts/TA06-139A.html - Broken Link, Third Party Advisory, US Government Resource | |
References | () http://www.us-cert.gov/cas/techalerts/TA06-164A.html - Broken Link, Third Party Advisory, US Government Resource | |
References | () http://www.vupen.com/english/advisories/2006/1872 - Broken Link | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 - Patch, Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 - Third Party Advisory, VDB Entry | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 - Broken Link | |
CPE | cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:* cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:works_suite:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:* cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:* |
|
CWE | CWE-120 | |
First Time |
Microsoft office
Microsoft works Suite |
|
CVSS |
v2 : v3 : |
v2 : 7.6
v3 : 8.8 |
Information
Published : 2006-05-20 00:02
Updated : 2024-11-21 00:11
NVD link : CVE-2006-2492
Mitre link : CVE-2006-2492
CVE.ORG link : CVE-2006-2492
JSON object : View
Products Affected
microsoft
- office
- works_suite
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')