8.8
CVE-2006-2492
- EPSS 48.39%
- Veröffentlicht 20.05.2006 00:02:00
- Zuletzt bearbeitet 16.06.2026 22:25:09
- Quelle cret@cert.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
08.06.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Word Malformed Object Pointer Vulnerability
SchwachstelleMicrosoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 48.39% | 0.987 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.6 | 4.9 | 10 |
AV:N/AC:H/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
http://isc.sans.org/diary.php?storyid=1345
http://isc.sans.org/diary.php?storyid=1346
http://secunia.com/advisories/20153
http://securitytracker.com/id?1016130
http://www.kb.cert.org/vuls/id/446012
http://www.microsoft.com/technet/security/advisory/919637.mspx
http://www.osvdb.org/25635
http://www.securityfocus.com/bid/18037
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
http://www.vupen.com/english/advisories/2006/1872
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-2492