CVE-2006-2492

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

CVSS v3 8.8 HIGH
CVSS v2.0 7.6 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx	Broken Link
http://isc.sans.org/diary.php?storyid=1345	Exploit
http://isc.sans.org/diary.php?storyid=1346	Exploit
http://secunia.com/advisories/20153	Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1016130	Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/446012	Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspx	Broken Link Patch Vendor Advisory
http://www.osvdb.org/25635	Broken Link
http://www.securityfocus.com/bid/18037	Broken Link Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-139A.html	Broken Link Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1872	Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068	Broken Link
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx	Broken Link
http://isc.sans.org/diary.php?storyid=1345	Exploit
http://isc.sans.org/diary.php?storyid=1346	Exploit
http://secunia.com/advisories/20153	Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1016130	Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/446012	Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspx	Broken Link Patch Vendor Advisory
http://www.osvdb.org/25635	Broken Link
http://www.securityfocus.com/bid/18037	Broken Link Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-139A.html	Broken Link Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.html	Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1872	Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556	Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068	Broken Link

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp1::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:a:microsoft:works_suite::::::::

History

No history.

Information

Published : 2006-05-20 00:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-2492

Mitre link : CVE-2006-2492

CVE.ORG link : CVE-2006-2492

JSON object : View

Products Affected

microsoft

works_suite
office

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

8.8 /10