#VU1175 Remote code execution


Published: 2016-11-15 | Updated: 2021-10-09

Vulnerability identifier: #VU1175

Vulnerability risk: Critical

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2006-2492

CWE-ID: CWE-120

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Word Viewer
Client/Desktop applications / Office applications
Microsoft Office
Client/Desktop applications / Office applications
Works Suite
Client/Desktop applications / Other client software

Vendor:
Microsoft

Description
The vulnerability allows a remote user to execute arbitrary code on the target system.

The weakness is due to buffer overflow. By persuading the victim to open a specially crafted Word file containing a malformed object pointer, a remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.

Note: this vulnerability was being actively exploited.

Mitigation
Microsoft Office 2000 Service Pack 3
Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD

Microsoft Office XP Service Pack 3
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=ADEA09B4-481A-4908-8B77-0630AC679CAC
Microsoft Word Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=6089B843-61FF-469F-A38B-BD4FFEFF0552

Microsoft Works Suites:
Microsoft Works Suite 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD
Microsoft Works Suite 2001 - https://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD
Microsoft Works Suite 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C

Vulnerable software versions

:

Word Viewer: 2003

Works Suite: 2000 - 2006

Microsoft Office:

External links
http://technet.microsoft.com/en-us/library/security/ms06-027.aspx

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Remote code execution in Microsoft Word