CVE-2006-2492
HIGH KEV
Microsoft Office Buffer Overflow via Malformed Object Pointer
Title source: llm
Exploitation Summary
CVE-2006-2492 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 8, 2022.
Description
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
References (18)
Core References
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-2492
Patch, Vendor Advisory vendor-advisory
x_refsource_ms
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068
Exploit x_refsource_misc
http://isc.sans.org/diary.php?storyid=1345
Broken Link vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25635
Broken Link, Patch, Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/919637.mspx
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738
Exploit x_refsource_misc
http://isc.sans.org/diary.php?storyid=1346
Broken Link, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1872
Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18037
Broken Link, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20153
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/446012
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016130
Broken Link vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418
Broken Link, Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
Broken Link x_refsource_misc
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
Scores
CVSS v3
8.8
EPSS
0.7906
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-06-08
VulnCheck KEV
2006-06-13
InTheWild.io
2009-07-31
ENISA EUVD
EUVD-2006-2492
CWE
CWE-120
Status
published
Products (4)
microsoft/office
2000 sp3
microsoft/office
2003 sp1 (2 CPE variants)
microsoft/office
xp sp3
microsoft/works_suite
2000 - 2006
Published
May 20, 2006
KEV Added
Jun 08, 2022
Tracked Since
Feb 18, 2026