CVE-2006-6561

Severity

93%

Complexity

86%

Confidentiality

165%

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Microsoft

First reported 18 years ago

2006-12-14 18:28:00

Last updated 6 years ago

2018-05-03 01:29:00

Affected Software

Microsoft Office 2000 sp3

2000

Microsoft Office 2003 sp2

2003

Microsoft Office 2004 Mac

2004

Microsoft Office XP Service Pack 3

xp

Microsoft Word 2000

2000

Microsoft Word 2002

2002

Microsoft Word 2003

2003

Microsoft Word Viewer 2003

2003

Microsoft Works 2004

2004

Microsoft Works 2005

2005

Microsoft works_suite 2006

2006

References

http://blogs.securiteam.com/?p=763

http://blogs.technet.com/msrc/archive/2006/12/15/update-on-current-word-vulnerability-reports.aspx

http://research.eeye.com/html/alerts/zeroday/20061212.html

Vendor Advisory

1017390

http://www.infoworld.com/article/06/12/13/HNthirdword_1.html

VU#996892

Third Party Advisory, US Government Resource

http://www.milw0rm.com/sploits/12122006-djtest.doc

Exploit

20061212 Re: Re: The newest Word flaw is due to malformed data structure handling

Exploit

21589

Vendor Advisory

ADV-2006-4997

Vendor Advisory

word-pointer-code-execution(30885)

oval:org.mitre.oval:def:332

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.