Vulnerability Description
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Visual Basic | 6.2 |
References
- http://secunia.com/advisories/21408
- http://securitytracker.com/id?1016656
- http://www.kb.cert.org/vuls/id/159484PatchUS Government Resource
- http://www.securityfocus.com/bid/19414
- http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlPatchUS Government Resource
- http://www.vupen.com/english/advisories/2006/3214
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-04
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/21408
- http://securitytracker.com/id?1016656
- http://www.kb.cert.org/vuls/id/159484PatchUS Government Resource
- http://www.securityfocus.com/bid/19414
- http://www.us-cert.gov/cas/techalerts/TA06-220A.htmlPatchUS Government Resource
- http://www.vupen.com/english/advisories/2006/3214
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-04
FAQ
What is CVE-2006-3649?
CVE-2006-3649 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, ...
How severe is CVE-2006-3649?
CVE-2006-3649 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3649?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Visual Basic.