Vulnerabilities > CVE-2006-2389 - Unspecified vulnerability in Microsoft Office 2000/2003/Xp

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
microsoft
critical
nessus
exploit available
NVD
Published: 2006-07-11
Updated: 2018-10-12

Summary

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.

Vulnerable Configurations

Part Description Count
Application
Microsoft
4

Exploit-Db

descriptionMicrosoft Office 2000/2002 Property Code Execution Vulnerability. CVE-2006-2389. Remote exploit for windows platform
idEDB-ID:28198
last seen2016-02-03
modified2006-07-11
published2006-07-11
reporteranonymous
sourcehttps://www.exploit-db.com/download/28198/
titleMicrosoft Office 2000/2002 Property Code Execution Vulnerability

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_MS_06-037.NASL
    descriptionThe remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel or another Office application.
    last seen2020-03-18
    modified2006-07-11
    plugin id22025
    published2006-07-11
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22025
    titleMS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X)
  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS06-038.NASL
    descriptionThe remote host is running a version of Microsoft Office that could allow arbitrary code to be run on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it with Microsoft Office.
    last seen2020-06-01
    modified2020-06-02
    plugin id22032
    published2006-07-11
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/22032
    titleMS06-038: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)

Oval

accepted2012-05-28T04:01:37.400-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameMatthew Wojcik
    organizationThe MITRE Corporation
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameJeff Cheng
    organizationHewlett-Packard
  • nameDragos Prisaca
    organizationSecure Elements, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
  • commentMicrosoft Office 2000 is installed
    ovaloval:org.mitre.oval:def:93
  • commentMicrosoft Office XP is installed
    ovaloval:org.mitre.oval:def:663
  • commentMicrosoft Office 2003 is installed
    ovaloval:org.mitre.oval:def:233
  • commentMicrosoft Project 2000 SR1 is installed
    ovaloval:org.mitre.oval:def:518
  • commentMicrosoft Project 2002 SP1 is installed
    ovaloval:org.mitre.oval:def:707
  • commentMicrosoft Office Visio 2002 SP2 is installed
    ovaloval:org.mitre.oval:def:692
  • commentMicrosoft Word Viewer is installed
    ovaloval:org.mitre.oval:def:737
  • commentMicrosoft Excel Viewer 2003 is installed
    ovaloval:org.mitre.oval:def:439
descriptionUnspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
familywindows
idoval:org.mitre.oval:def:279
statusaccepted
submitted2006-07-25T12:05:33
titleMicrosoft Office Property Vulnerability
version13

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/93302/mop-exec.txt
idPACKETSTORM:93302
last seen2016-12-05
published2010-08-30
reporterAbhishek Lyall
sourcehttps://packetstormsecurity.com/files/93302/Microsoft-Office-Property-Code-Execution.html
titleMicrosoft Office Property Code Execution

Seebug

  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:81775
    last seen2017-11-19
    modified2014-07-01
    published2014-07-01
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-81775
    titleMicrosoft Office 2000/2002 Property Code Execution Vulnerability
  • bulletinFamilyexploit
    descriptionNo description provided by source.
    idSSV:20083
    last seen2017-11-19
    modified2010-09-02
    published2010-09-02
    reporterRoot
    sourcehttps://www.seebug.org/vuldb/ssvid-20083
    titleMicrosoft Office Property Code Execution exploit (CVE-2006-2389)

References