CVE-2006-5994

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft

First reported 18 years ago

2006-12-06 20:28:00

Last updated 6 years ago

2018-10-17 21:46:00

Affected Software

Microsoft Office 2000 sp3

2000

Microsoft Office 2003 sp2

2003

Microsoft Office 2004 Mac

2004

Microsoft Office XP Service Pack 3

xp

Microsoft Word 2000

2000

Microsoft Word 2002

2002

Microsoft Word 2003

2003

Microsoft Word Viewer 2003

2003

Microsoft Works 2004

2004

Microsoft Works 2005

2005

Microsoft works_suite 2006

2006

References

http://blogs.securiteam.com/?p=759

http://blogs.technet.com/msrc/archive/2006/12/06/microsoft-security-advisory-929433-posted.aspx

23232

Vendor Advisory

1017339

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005698&intsrc=hm_list

VU#167928

US Government Resource

http://www.microsoft.com/technet/security/advisory/929433.mspx

30824

20061206 Microsoft 0-day word vulnerability - Secunia - Extremely critical

20061208 Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written

20061210 Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document

21451

TA07-044A

US Government Resource

ADV-2006-4866

Vendor Advisory

MS07-014

word-unspecified-code-execution(30738)

oval:org.mitre.oval:def:238

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.

CVE-2006-5994

Severity

What is severity?

Complexity

What is complexity?

Confidentiality

What is confidentiality?

Overview

Type

First reported 18 years ago

Last updated 6 years ago

Affected Software

Microsoft Office 2000 sp3

Microsoft Office 2003 sp2

Microsoft Office 2004 Mac

Microsoft Office XP Service Pack 3

Microsoft Word 2000

Microsoft Word 2002

Microsoft Word 2003

Microsoft Word Viewer 2003

Microsoft Works 2004

Microsoft Works 2005

Microsoft works_suite 2006

References

http://blogs.securiteam.com/?p=759

http://blogs.technet.com/msrc/archive/2006/12/06/microsoft-security-advisory-929433-posted.aspx

23232

1017339

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9005698&intsrc=hm_list

VU#167928

http://www.microsoft.com/technet/security/advisory/929433.mspx

30824

20061206 Microsoft 0-day word vulnerability - Secunia - Extremely critical

20061208 Microsoft Word 0-day Vulnerability FAQ (CVE-2006-5994) written

20061210 Several updates in Microsoft Word 0-day (CVE-2006-5994) FAQ document

21451

TA07-044A

ADV-2006-4866

MS07-014

word-unspecified-code-execution(30738)

oval:org.mitre.oval:def:238

Stay updated

Get in touch