CVE-2006-6561

EXPLOITED

Microsoft Word 2000, 2002 and Word Viewer 2003 - Remote Code Execution via Crafted DOC File

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2006-6561 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit.

AI-analyzed exploit summary The provided text describes a two-stage memory corruption vulnerability in Microsoft Word (CVE-2006-6561), detailing specific memory offsets and values used to trigger a crash or potential pointer overwrite. It includes a reference to a PoC document but does not contain functional exploit code.

Description

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.

Exploits (1)

exploitdb WRITEUP
doswindows
https://www.exploit-db.com/exploits/2922

The provided text describes a two-stage memory corruption vulnerability in Microsoft Word (CVE-2006-6561), detailing specific memory offsets and values used to trigger a crash or potential pointer overwrite. It includes a reference to a PoC document but does not contain functional exploit code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Moderate
Reliability
Theoretical
Target: Microsoft Word (specific version not specified)
No auth needed
Prerequisites: Victim opens a maliciously crafted Word document
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (12)

Core 12
Core References
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21589
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017390
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/454219/30/0/threaded
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/996892
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4997
Various Sources x_refsource_misc
http://blogs.securiteam.com/?p=763
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30885
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A332

Scores

EPSS 0.7143
EPSS Percentile 98.8%

Details

VulnCheck KEV 2007-02-13
Status published
Products (11)
microsoft/office 2000 sp3
microsoft/office 2003 sp2
microsoft/office 2004
microsoft/office xp sp3
microsoft/word 2000
microsoft/word 2002
microsoft/word 2003
microsoft/word_viewer 2003
microsoft/works 2004
microsoft/works 2005
... and 1 more
Published Dec 14, 2006
Tracked Since Feb 18, 2026