Vulnerabilities > CVE-2006-2492 - Remote Code Execution vulnerability in Microsoft Word 2003
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-027.NASL |
description | The remote host is running a version of Microsoft Word that is subject to a flaw that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the font parsing handler would result in code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21690 |
published | 2006-06-13 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21690 |
title | MS06-027: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (917336) |
Oval
accepted 2012-05-28T04:00:44.640-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. family windows id oval:org.mitre.oval:def:1418 status accepted submitted 2006-06-14T09:55:00.000-04:00 title Microsoft Word2003 Malformed Object Pointer Vulnerability version 4 accepted 2012-05-28T04:01:21.883-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. family windows id oval:org.mitre.oval:def:1738 status accepted submitted 2006-06-14T09:55:00.000-04:00 title Microsoft Word2002 Malformed Object Pointer Vulnerability version 4 accepted 2012-05-28T04:01:29.081-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. family windows id oval:org.mitre.oval:def:2068 status accepted submitted 2006-06-14T09:55:00.000-04:00 title Microsoft Word2000 Malformed Object Pointer Vulnerability version 4
References
- http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
- http://isc.sans.org/diary.php?storyid=1345
- http://isc.sans.org/diary.php?storyid=1346
- http://secunia.com/advisories/20153
- http://securitytracker.com/id?1016130
- http://www.kb.cert.org/vuls/id/446012
- http://www.microsoft.com/technet/security/advisory/919637.mspx
- http://www.osvdb.org/25635
- http://www.securityfocus.com/bid/18037
- http://www.us-cert.gov/cas/techalerts/TA06-139A.html
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://www.vupen.com/english/advisories/2006/1872
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068