CVE-2006-2492
KEV
🔴 Patch now
A buffer overflow in Microsoft Word allows remote code execution through user interaction.
CVSS
8.8
EPSS
74.1%
Exploit
weaponized
Vendor
microsoft
Source description (NVD)
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
buffer-overflow exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 8.8 |
| CISA KEV (actively exploited) | Yes |
| FIRST EPSS (exploit probability) | 74.1% |
| Published (NVD) | 2006-05-20 00:02:00 UTC |
| Last modified (NVD) | 2026-04-16 14:02:14 UTC |
References
- http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx (cret@cert.org) [Broken Link]
- http://isc.sans.org/diary.php?storyid=1345 (cret@cert.org) [Exploit]
- http://isc.sans.org/diary.php?storyid=1346 (cret@cert.org) [Exploit]
- http://secunia.com/advisories/20153 (cret@cert.org) [Broken Link, Patch, Vendor Advisory]
- http://securitytracker.com/id?1016130 (cret@cert.org) [Broken Link, Third Party Advisory, VDB Entry]
- http://www.kb.cert.org/vuls/id/446012 (cret@cert.org) [Third Party Advisory, US Government Resource]
- http://www.microsoft.com/technet/security/advisory/919637.mspx (cret@cert.org) [Broken Link, Patch, Vendor Advisory]
- http://www.osvdb.org/25635 (cret@cert.org) [Broken Link]
- http://www.securityfocus.com/bid/18037 (cret@cert.org) [Broken Link, Patch, Third Party Advisory, VDB Entry]
- http://www.us-cert.gov/cas/techalerts/TA06-139A.html (cret@cert.org) [Broken Link, Third Party Advisory, US Government Resource]
- http://www.us-cert.gov/cas/techalerts/TA06-164A.html (cret@cert.org) [Broken Link, Third Party Advisory, US Government Resource]
- http://www.vupen.com/english/advisories/2006/1872 (cret@cert.org) [Broken Link]
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027 (cret@cert.org) [Patch, Vendor Advisory]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26556 (cret@cert.org) [Third Party Advisory, VDB Entry]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418 (cret@cert.org) [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738 (cret@cert.org) [Broken Link]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068 (cret@cert.org) [Broken Link]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-2492 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [US Government Resource]