Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2006-3651 CVE-2006-4534 CVE-2006-4693 CVE-2006-3647 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | Vulnerability #2 is being exploited in the wild. |
Vulnerable software |
Word Viewer Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications Other Works Suite Client/Desktop applications / Other client software |
Vendor |
Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
This bulletin contains 4 vulnerabilities in Microsoft Word, which could be used to execute arbitrary code on the target system.
EUVDB-ID: #VU1204
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3651
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to a boundary error. By persuading the victim to load and open a Word document containing a specially crafted mail merge file, a remote attacker can execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A
Microsoft Office Word 2003 Viewer - https://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Word Viewer: 2003
: 2000 - 2003
Works Suite: 2004 - 2006
Microsoft Office: XP - 2003
CPE2.3http://technet.microsoft.com/en-us/library/security/ms06-060.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1181
Risk: Critical
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2006-4534
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to stack-based buffer overflow. By persuading the victim to load and open a specially crafted Word document containing a malformed string, a remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A
Microsoft Office Word 2003 Viewer - https://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Word Viewer: 2003
: 2000 - 2003
Works Suite: 2004 - 2006
Microsoft Office: XP - 2003
CPE2.3http://technet.microsoft.com/en-us/library/security/ms06-060.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU1205
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-4693
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to buffer overflow. An attacker could exploit this vulnerability when Word for Mac parses a specially crafted file that contains a malformed string.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Microsoft Office 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Office v. X for Mac - https://www.microsoft.com/mac/
Microsoft Office for Mac: v.X - 2004
CPE2.3http://technet.microsoft.com/en-us/library/security/ms06-060.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1203
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3647
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to buffer overflow. By persuading the victim to load and open a specially crafted Word document containing a malformed string, a remote attacker can execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A
Microsoft Office Word 2003 Viewer - https://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Office 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Office v. X for Mac - https://www.microsoft.com/mac/
Word Viewer: 2003
: 2000 - 2003
Works Suite: 2004 - 2006
Microsoft Office for Mac: v.X - 2004
Microsoft Office: XP - 2003
CPE2.3http://technet.microsoft.com/en-us/library/security/ms06-060.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to trick the victim to visit a specially crafted website or open a file.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.