CVE-2006-2492
Published 2006-05-20
CVE-2006-2492: Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted…
Priority P2 · 77 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW
CISA Known Exploited Vulnerability, due 2022-06-22
Exploited in the wild
EPSS: 48.39% (98.7th percentile)
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | works_suite | 2000 – 2006 | — |
Detection & IOCs (extracted from sources)
- Vulnerability is triggered via a malformed object pointer in a Microsoft Word document file; inspect Word documents for anomalous object pointer structures
- This was actively exploited as a zero-day in the wild; treat any suspicious Word documents from around May 2006 with heightened scrutiny
- Attack requires user interaction (user-assisted); phishing or social engineering delivery of malicious Word documents is the expected attack vector
- Affected products span multiple Office suites and versions; ensure coverage includes all listed products when applying detections
CVSS provenance
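| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.6 | HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |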
VulDB
Microsoft Word up to 2003 backdoor (VU#446012 / Nessus ID 21690)
vuldb·2026-04-22·CVSS 8.8
CVE-2006-2492 [HIGH] Microsoft Word up to 2003 backdoor (VU#446012 / Nessus ID 21690)
A vulnerability described as critical has been identified in Microsoft Word up to 2003. This affects an unknown function. Such manipulation leads to backdoor.
This vulnerability is uniquely identified as CVE-2006-2492. The attack can be launched remotely. Moreover, an exploit is present.
It is recommended to use an alternative to replace the affected component.
VulDB
Microsoft Word up to 2003 DOC Document backdoor (MS06-027 / VU#446012)
vuldb·2026-04-22·CVSS 8.8
CVE-2006-2492 [HIGH] Microsoft Word up to 2003 DOC Document backdoor (MS06-027 / VU#446012)
A vulnerability marked as critical has been reported in Microsoft Word up to 2003. Impacted is an unknown function of the component DOC Document Handler. This manipulation causes backdoor.
This vulnerability appears as CVE-2006-2492. The attack may be initiated remotely. In addition, an exploit is available.
Applying a patch is the recommended action to fix this issue.
GHSA
GHSA-pvcc-qqxr-p978: Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-ass
ghsa_unreviewed·2022-05-01
CVE-2006-2492 [HIGH] CWE-120 GHSA-pvcc-qqxr-p978: Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-ass
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
VulnCheck
Microsoft Word Malformed Object Pointer Vulnerability
vulncheck·2006·CVSS 8.8
CVE-2006-2492 [HIGH] CWE-120 Microsoft Word Malformed Object Pointer Vulnerability
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Affected: Microsoft Word
Required Action: Apply updates per vendor instructions.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2022-06-22
CISA
Microsoft Word Malformed Object Pointer Vulnerability
cisa·2022-06-08·CVSS 8.8
CVE-2006-2492 [HIGH] CWE-120 Microsoft Word Malformed Object Pointer Vulnerability
Vulnerability: Microsoft Word Malformed Object Pointer Vulnerability
Affected: Microsoft Word
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2006-2492
Remediation Due Date: 2022-06-22
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
- http://isc.sans.org/diary.php?storyid=1345
- http://isc.sans.org/diary.php?storyid=1346
- http://secunia.com/advisories/20153
- http://securitytracker.com/id?1016130
- http://www.kb.cert.org/vuls/id/446012
- http://www.microsoft.com/technet/security/advisory/919637.mspx
- http://www.osvdb.org/25635
- http://www.securityfocus.com/bid/18037
- http://www.us-cert.gov/cas/techalerts/TA06-139A.html
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html
- http://www.vupen.com/english/advisories/2006/1872
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-2492
2006-05-20: Published
2022-06-08: Added to CISA KEV
Exploited in the wild