cbcvebase.
CVE-2006-3493
published 2006-07-10

CVE-2006-3493: Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003…

PriorityP431medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
40.41%
98.5th percentile
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

Affected

6 ranges
VendorProductVersion rangeFixed in
microsoftoffice
microsoftoffice
microsoftoffice
microsoftpowerpoint
microsoftpowerpoint
microsoftpowerpoint

Detection & IOCsextracted from sources · hover to see the quote

bytes
D0 CF 11 E0 A1 B1 1A E1
  • CVE-2006-3590 (related issue) was exploited in the wild by Trojan.PPDropper.B via a malformed shape container in a PPT file leading to memory corruption in mso.dll; hunt for PPT files with anomalous shape container structures.
  • The proof-of-concept .DOC file uses a Compound Document (OLE2) header magic bytes D0 CF 11 E0 A1 B1 1A E1 with embedded EMBED Equation.3 objects; detect .DOC files containing multiple 'EMBED Equation.3' field instructions as a suspicious indicator.
  • No user interaction beyond opening the file is required to trigger the vulnerability; alert on mso.dll access violations spawned from winword.exe or powerpnt.exe process context.

CVSS provenance

nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.