CVE-2006-2492 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2006-2492?

CVE-2006-2492 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-2492?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Works Suite.

Vulnerability Description

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Microsoft	Office	2000
Microsoft	Works Suite	>= 2000, <= 2006

Related Weaknesses (CWE)

CWE-120

References

http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspxBroken Link
http://isc.sans.org/diary.php?storyid=1345Exploit
http://isc.sans.org/diary.php?storyid=1346Exploit
http://secunia.com/advisories/20153Broken LinkPatchVendor Advisory
http://securitytracker.com/id?1016130Broken LinkThird Party AdvisoryVDB Entry
http://www.kb.cert.org/vuls/id/446012Third Party AdvisoryUS Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspxBroken LinkPatchVendor Advisory
http://www.osvdb.org/25635Broken Link
http://www.securityfocus.com/bid/18037Broken LinkPatchThird Party Advisory
http://www.us-cert.gov/cas/techalerts/TA06-139A.htmlBroken LinkThird Party AdvisoryUS Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.htmlBroken LinkThird Party AdvisoryUS Government Resource
http://www.vupen.com/english/advisories/2006/1872Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-02PatchVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556Third Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link

FAQ

What is CVE-2006-2492?

CVE-2006-2492 is a vulnerability with a CVSS score of 8.8 (HIGH). Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a ma...

How severe is CVE-2006-2492?

CVE-2006-2492 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-2492?

Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Office, Microsoft Works Suite.