CVE-2006-4534 — Microsoft Office vulnerability

3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

46.7%

top 2.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Office

Timeline

PublishedSep 5

Latest updateMay 1

Description

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDmicrosoft/office2000, 2001, 2003+2

Patches

Patch: support.microsoft.com ↗Patch: www.microsoft.com ↗Patch: support.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-22r5-83g8-x228: Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecifie↗2022-05-01

▶

VulnCheck

Microsoft Word Malformed Stack Vulnerability↗2006

▶