Vulnerabilities > CVE-2006-3493 - Unspecified vulnerability in Microsoft Office 2000/2003/Xp
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 12 |
Exploit-Db
| description | Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability. CVE-2006-3493. Dos exploit for windows platform |
| id | EDB-ID:2001 |
| last seen | 2016-01-31 |
| modified | 2006-07-10 |
| published | 2006-07-10 |
| reporter | naveed afzal |
| source | https://www.exploit-db.com/download/2001/ |
| title | Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability |
References
- http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html
- http://marc.info/?l=full-disclosure&m=115231380526820&w=2
- http://marc.info/?l=full-disclosure&m=115261598510657&w=2
- http://securitytracker.com/id?1016453
- http://www.securityfocus.com/archive/1/439649/100/0/threaded
- http://www.securityfocus.com/archive/1/439878/100/0/threaded
- http://www.securityfocus.com/bid/18905
- http://www.vupen.com/english/advisories/2006/2720
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27617