CVE-2006-2492

CVSS 8.8 HIGH · EPSS 48.4% · KEV · CWE-120

In short

Microsoft Word has a buffer overflow vulnerability that allows attackers to run malicious code if a user opens a specially crafted document. This happens when Word incorrectly handles a malformed object pointer, potentially compromising the user's computer.

Technical detail

Buffer overflow in Microsoft Word's object pointer handling (CWE-120) affects multiple Office versions (2000 SP3, XP SP3, 2003 SP1/SP2) and Works Suites through 2006. Exploitation requires user interaction to open a malformed document; successful exploitation leads to arbitrary code execution with user privileges.

Summary generated and translated by AI from the official description.
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
n/a · n/a