#VU1179 Buffer overflow in Microsoft products - CVE-2006-3649
Published: November 15, 2016 / Updated: December 5, 2016
Vulnerability identifier: #VU1179
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2006-3649
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft Access
Microsoft Project
Microsoft Office
Microsoft Visio
Microsoft Visual Basic for Applications SDK
Works Suite
Microsoft Access
Microsoft Project
Microsoft Office
Microsoft Visio
Microsoft Visual Basic for Applications SDK
Works Suite
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to buffer overflow. By persuading the victim to open a malicious Office document containing Visual Basic for Applications (VBA) script, a remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
The weakness is due to buffer overflow. By persuading the victim to open a malicious Office document containing Visual Basic for Applications (VBA) script, a remote attacker can execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Remediation
Microsoft Office 2000 Service Pack 3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=837A4FA9-FABC-4119-9AAF-2C8663029D2B
Microsoft Project 2000 Service Release 1 - https://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90
Microsoft Access 2000 Runtime Service Pack 3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD
Microsoft Office XP Service Pack 3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Project 2002 Service Pack 1 - https://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103
Microsoft Visio 2002 Service Pack 2 - https://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Visual Basic for Applications SDK 6.0 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Visual Basic for Applications SDK 6.2 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Visual Basic for Applications SDK 6.3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Visual Basic for Applications SDK 6.4 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Project 2000 Service Release 1 - https://www.microsoft.com/downloads/details.aspx?FamilyId=744DD25D-B9A7-4E30-B64E-1C9BB0F87D90
Microsoft Access 2000 Runtime Service Pack 3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=ED5A8C40-C592-4299-AFB2-5F0F6E2B1DCD
Microsoft Office XP Service Pack 3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Project 2002 Service Pack 1 - https://www.microsoft.com/downloads/details.aspx?FamilyId=62EF50AA-6061-4185-9713-F8C31B195103
Microsoft Visio 2002 Service Pack 2 - https://www.microsoft.com/downloads/details.aspx?FamilyId=43525B6A-58B7-49C7-88D8-4983D1614A96
Microsoft Works Suite 2004 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Works Suite 2005 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Works Suite 2006 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B26ADC3C-1DB8-46FD-8381-B199EE351E7C
Microsoft Visual Basic for Applications SDK 6.0 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Visual Basic for Applications SDK 6.2 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Visual Basic for Applications SDK 6.3 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3
Microsoft Visual Basic for Applications SDK 6.4 - https://www.microsoft.com/downloads/details.aspx?FamilyId=424DF92A-3CC4-4B72-B2F8-D45ED2A8F4B3