CVE-2006-3493

Microsoft Office <2003 - Buffer Overflow

Title source: llm

Description

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

Exploits (1)

exploitdb WORKING POC VERIFIED

by naveed afzal · cdoswindows

https://www.exploit-db.com/exploits/2001

View Code ZIP pw:eip

References (10)

[Exploit] http://www.securityfocus.com/bid/18905

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/439649/100/0/threaded

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1016453

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/2720

[Mailing List] http://marc.info/?l=full-disclosure&m=115231380526820&w=2

[Mailing List] http://marc.info/?l=full-disclosure&m=115261598510657&w=2

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27617

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/439878/100/0/threaded

[Various Sources] http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx

Scores

EPSS 0.5769

EPSS Percentile 98.2%

Details

Status published

Products (3)

microsoft/office 2000 (4 CPE variants)

microsoft/office 2003 (4 CPE variants)

microsoft/office xp (4 CPE variants)

Published Jul 10, 2006

Tracked Since Feb 18, 2026