CVE-2006-2492

Severity

76%

Complexity

49%

Confidentiality

165%

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

CVSS 2.0 Base Score 7.6. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C).

Overview

First reported 18 years ago

2006-05-20 00:02:00

Last updated 6 years ago

2018-10-12 21:40:00

Affected Software

Microsoft Word 2003

2003

References

http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx

http://isc.sans.org/diary.php?storyid=1345

http://isc.sans.org/diary.php?storyid=1346

20153

Patch, Vendor Advisory

1016130

VU#446012

US Government Resource

http://www.microsoft.com/technet/security/advisory/919637.mspx

25635

18037

Patch

TA06-139A

US Government Resource

TA06-164A

US Government Resource

ADV-2006-1872

MS06-027

word-code-execution(26556)

oval:org.mitre.oval:def:1418

oval:org.mitre.oval:def:1738

oval:org.mitre.oval:def:2068

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.