CVE-2006-0001 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Office

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.3CRITICALNVD

EPSS

73.2%

top 1.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office Microsoft Publisher

Timeline

PublishedSep 12

Latest updateMay 1

Description

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/publisher2000, 2002, 2003+2

▶NVDmicrosoft/office2000, 2003, xp+2

Patches

Patch: secunia.com ↗Patch: www.computerterrorism.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-crpw-9pqh-hv2j: Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB↗2022-05-01

▶

CVEList

CVE-2006-0001: Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB↗2006-09-12

▶

💥Exploits & PoCs

Exploit-DB

Alt-N MDaemon 8.1.1 IMAP Server - Remote Format String↗2006-02-27

▶