CVE-2006-2492

KEV
Published: Mag 20, 2006 Last Modified: Ott 22, 2025
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
HIGH 7,6
Source: [email protected]
Access Vector: network
Access Complexity: high
Authentication: none
Confidentiality: complete
Integrity: complete
Availability: complete

Description

AI Translation Available

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,7722
Percentile
1,0th
Updated

EPSS Score Trend (Last 90 Days)

120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Incomplete
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Confidentiality Availability
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu)
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
Application

Office by Microsoft

Product Information
Vendor Microsoft
Product Office
Version 2003
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Office by Microsoft

Product Information
Vendor Microsoft
Product Office
Version 2000
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Office by Microsoft

Product Information
Vendor Microsoft
Product Office
Version 2003
cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Office by Microsoft

Product Information
Vendor Microsoft
Product Office
Version xp
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Works Suite by Microsoft

Product Information
Vendor Microsoft
Product Works Suite
Version Range Affected
From 2000 (inclusive)
To 2006 (inclusive)
cpe:2.3:a:microsoft:works_suite:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.cisa.gov/known-exploited-vulnerabilities-catalo…
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006…
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
http://isc.sans.org/diary.php?storyid=1345
http://isc.sans.org/diary.php?storyid=1345
http://isc.sans.org/diary.php?storyid=1346
http://isc.sans.org/diary.php?storyid=1346
https://docs.microsoft.com/en-us/security-updates/securityb…
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-0…
http://secunia.com/advisories/20153
http://secunia.com/advisories/20153
http://securitytracker.com/id?1016130
http://securitytracker.com/id?1016130
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://www.kb.cert.org/vuls/id/446012
http://www.kb.cert.org/vuls/id/446012
http://www.microsoft.com/technet/security/advisory/919637.m…
http://www.microsoft.com/technet/security/advisory/919637.mspx
http://www.osvdb.org/25635
http://www.osvdb.org/25635
http://www.securityfocus.com/bid/18037
http://www.securityfocus.com/bid/18037
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.vupen.com/english/advisories/2006/1872
http://www.vupen.com/english/advisories/2006/1872
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
http://isc.sans.org/diary.php?storyid=1345
http://isc.sans.org/diary.php?storyid=1345
http://isc.sans.org/diary.php?storyid=1346
http://isc.sans.org/diary.php?storyid=1346
https://docs.microsoft.com/en-us/security-updates/securityb…
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-0…
http://secunia.com/advisories/20153
http://secunia.com/advisories/20153
http://securitytracker.com/id?1016130
http://securitytracker.com/id?1016130
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
https://oval.cisecurity.org/repository/search/definition/ov…
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%…
http://www.kb.cert.org/vuls/id/446012
http://www.kb.cert.org/vuls/id/446012
http://www.microsoft.com/technet/security/advisory/919637.m…
http://www.microsoft.com/technet/security/advisory/919637.mspx
http://www.osvdb.org/25635
http://www.osvdb.org/25635
http://www.securityfocus.com/bid/18037
http://www.securityfocus.com/bid/18037
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://www.vupen.com/english/advisories/2006/1872
http://www.vupen.com/english/advisories/2006/1872