CVE-2006-3647Microsoft Office vulnerability

CWE-1896 documents2 sources
Severity
9.3CRITICALNVD
EPSS
10.1%
top 6.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft OfficeMicrosoft Word
Timeline
PublishedOct 10
Latest updateMay 1

Description

Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/word2000, 2002, 2004+2
NVDmicrosoft/office5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-jvm5-r77x-76rj: Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v2022-05-01
GHSA
GHSA-3r8h-jcwq-8f2x: Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted2022-05-01
GHSA
GHSA-ww5x-f933-5h4w: Unspecified vulnerability in Microsoft Word 2004 for Mac and v2022-05-01
CVE-2006-3647 — Microsoft Office vulnerability | cvebase