Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2492

Overview

Vulnerability Score 7.6 7.6
CVE Id CVE-2006-2492
Last Modified 07 Mar 2011 09:36:18
Published 19 May 2006 08:02:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2492

Summary

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

Vulnerable Systems

Application

  • Microsoft Word 2003


References

CERT - TA06-164A

CERT - TA06-139A

CERT-VN - VU#446012

BID - 18037

MS - MS06-027

SECUNIA - 20153

XF - word-code-execution(26556)

VUPEN - ADV-2006-1872

OSVDB - 25635

CONFIRM - http://www.microsoft.com/technet/security/advisory/919637.mspx

SECTRACK - 1016130

MISC - http://isc.sans.org/diary.php?storyid=1346

MISC - http://isc.sans.org/diary.php?storyid=1345

MISC - http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx


Last Updated: 27 May 2016 10:42:29