CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-2492

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score87.7990%
EPSS Percentile93.33th
Published2006年5月20日
Last Modified2026年4月16日

Vulnerability Description

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

Affected Platforms (CPE)

📦
Microsoft

Office

= 2000
📦
Microsoft

Office

= 2003
📦
Microsoft

Office

= 2003
📦
Microsoft

Office

= xp
📦
Microsoft

Works Suite

>= 2000 and <= 2006

References & Advisories

🔗 http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
🔗 http://isc.sans.org/diary.php?storyid=1345
🔗 http://isc.sans.org/diary.php?storyid=1346
🔗 http://secunia.com/advisories/20153
🔗 http://securitytracker.com/id?1016130
🔗 http://www.kb.cert.org/vuls/id/446012
🔗 http://www.microsoft.com/technet/security/advisory/919637.mspx
🔗 http://www.osvdb.org/25635

相关漏洞威胁

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...