#VU1175 Remote code execution in Microsoft products - CVE-2006-2492
Vulnerability identifier: #VU1175
Vulnerability risk: Critical
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID:
CWE-ID:
CWE-120
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Word Viewer
Client/Desktop applications /
Office applications
Microsoft Office
Client/Desktop applications /
Office applications
Works Suite
Client/Desktop applications /
Other client software
Vendor:
Microsoft
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to buffer overflow. By persuading the victim to open a specially crafted Word file containing a malformed object pointer, a remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Mitigation
Microsoft Office 2000 Service Pack 3
Microsoft Word 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD
Microsoft Office XP Service Pack 3
Microsoft Word 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Office 2003 Service Pack 1 or Service Pack 2
Microsoft Word 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=ADEA09B4-481A-4908-8B77-0630AC679CAC
Microsoft Word Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=6089B843-61FF-469F-A38B-BD4FFEFF0552
Microsoft Works Suites:
Microsoft Works Suite 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD
Microsoft Works Suite 2001 - https://www.microsoft.com/downloads/details.aspx?FamilyId=507D97B5-8B20-41B2-AE8B-27F2BF5198CD
Microsoft Works Suite 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=4CDE644B-BE05-4680-B0EF-DF563095563C
Vulnerable software versions
: 2000, 2002, 2003
Word Viewer: 2003
Works Suite: 2000 - 2006
Microsoft Office: XP, 2000 Service Pack 3, 2003
External links
http://technet.microsoft.com/en-us/library/security/ms06-027.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
