⚠ Actively exploited
Added to CISA KEV on 2022-06-08. Federal agencies required to patch by 2022-06-22. Required action: Apply updates per vendor instructions..

CVE-2006-2492Classic Buffer Overflow in Microsoft Works Suite

CWE-120Classic Buffer Overflow4 documents4 sources
Severity
8.8HIGHNVD
EPSS
74.1%
top 1.16%
CISA KEV
KEV
Added 2022-06-08
Due 2022-06-22
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Microsoft Works SuiteMicrosoft Office
Timeline
PublishedMay 20
KEV addedJun 8
KEV dueJun 22
CISA Required Action: Apply updates per vendor instructions.

Description

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDmicrosoft/office2000, 2003, xp+2
NVDmicrosoft/works_suite20002006

Patches

Patch: secunia.comPatch: www.microsoft.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-pvcc-qqxr-p978: Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-ass2022-05-01
VulnCheck
Microsoft Word Malformed Object Pointer Vulnerability2006

📋Vendor Advisories

1
CISA
Microsoft Word Malformed Object Pointer Vulnerability2022-06-08
CVE-2006-2492 — Classic Buffer Overflow in Microsoft | cvebase