Multiple vulnerabilities in Microsoft Word



Published: 2006-10-10 | Updated: 2016-12-05
Risk Critical
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2006-3651
CVE-2006-4534
CVE-2006-4693
CVE-2006-3647
CWE-ID CWE-119
Exploitation vector Network
Public exploit Vulnerability #2 is being exploited in the wild.
Vulnerable software
Subscribe
Word Viewer
Client/Desktop applications / Office applications

Microsoft Office
Client/Desktop applications / Office applications

Microsoft Office for Mac
Client/Desktop applications / Office applications

Works Suite
Client/Desktop applications / Other client software

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

This bulletin contains 4 vulnerabilities in Microsoft Word, which could be used to execute arbitrary code on the target system.

1) Buffer overflow

EUVDB-ID: #VU1204

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-3651

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to a boundary error. By persuading the victim to load and open a Word document containing a specially crafted mail merge file, a remote attacker can execute arbitrary code with privileges of the current user.

Successful exploitation of the vulnerability results in compromise of vulnerable system.


Mitigation

Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A
Microsoft Office Word 2003 Viewer - https://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D


Vulnerable software versions

Word Viewer: 2003

: 2000 - 2003

Works Suite: 2004 - 2006

Microsoft Office: 2000 Service Pack 3 - XP

External links

http://technet.microsoft.com/en-us/library/security/ms06-060.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Buffer overflow

EUVDB-ID: #VU1181

Risk: Critical

CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2006-4534

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to stack-based buffer overflow. By persuading the victim to load and open a specially crafted Word document containing a malformed string, a remote attacker can execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Mitigation

Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A
Microsoft Office Word 2003 Viewer - https://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D

Vulnerable software versions

Word Viewer: 2003

: 2000 - 2003

Works Suite: 2004 - 2006

Microsoft Office: 2000 Service Pack 3 - XP

External links

http://technet.microsoft.com/en-us/library/security/ms06-060.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

3) Buffer overflow

EUVDB-ID: #VU1205

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-4693

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to buffer overflow. An attacker could exploit this vulnerability when Word for Mac parses a specially crafted file that contains a malformed string.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system. 

Mitigation

Microsoft Office 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Office v. X for Mac - https://www.microsoft.com/mac/

Vulnerable software versions

Microsoft Office for Mac: 2004 - v.X

External links

http://technet.microsoft.com/en-us/library/security/ms06-060.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Buffer overflow

EUVDB-ID: #VU1203

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2006-3647

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to buffer overflow. By persuading the victim to load and open a specially crafted Word document containing a malformed string, a remote attacker can execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system. 

Mitigation

Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=CFC85449-4941-4DA5-A919-1DA388054E83
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=30C516EB-BD63-4248-A34D-47AF7E9EA55A
Microsoft Office Word 2003 Viewer - https://www.microsoft.com/downloads/details.aspx?FamilyId=EB230319-14A5-4206-A601-CF9DDE89352A
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5652303E-04B3-4713-AF2E-2C8D2450468D
Microsoft Office 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Office v. X for Mac - https://www.microsoft.com/mac/

Vulnerable software versions

Word Viewer: 2003

: 2000 - 2003

Works Suite: 2004 - 2006

Microsoft Office for Mac: 2004 - v.X

Microsoft Office: 2000 Service Pack 3 - XP

External links

http://technet.microsoft.com/en-us/library/security/ms06-060.aspx


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to visit a specially crafted website or open a file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###