Lucene search

[email protected]NVD:CVE-2006-3493

HistoryJul 10, 2006 - 10:05 p.m.

CVE-2006-3493

2006-07-1022:05:00

[email protected]

web.nvd.nist.gov

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.26

Percentile

96.7%

JSON

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

Affected configurations

Nvd

Node

microsoftofficeMatch2000

microsoftofficeMatch2000sp1

microsoftofficeMatch2000sp2

microsoftofficeMatch2000sp3

microsoftofficeMatch2003

microsoftofficeMatch2003sp1

microsoftofficeMatch2003sp2

microsoftofficeMatch2003sp3

microsoftofficeMatchxp

microsoftofficeMatchxpsp1

microsoftofficeMatchxpsp2

microsoftofficeMatchxpsp3

VendorProductVersionCPE
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
microsoftofficexpcpe:2.3:a:microsoft:office:xp:*:*:*:*:*:*:*
microsoftofficexpcpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office	2000	cpe:2.3:a:microsoft:office:2000:::::::*
microsoft	office	2000	cpe:2.3:a:microsoft:office:2000:sp1::::::
microsoft	office	2000	cpe:2.3:a:microsoft:office:2000:sp2::::::
microsoft	office	2000	cpe:2.3:a:microsoft:office:2000:sp3::::::
microsoft	office	2003	cpe:2.3:a:microsoft:office:2003:::::::*
microsoft	office	2003	cpe:2.3:a:microsoft:office:2003:sp1::::::
microsoft	office	2003	cpe:2.3:a:microsoft:office:2003:sp2::::::
microsoft	office	2003	cpe:2.3:a:microsoft:office:2003:sp3::::::
microsoft	office	xp	cpe:2.3:a:microsoft:office:xp:::::::*
microsoft	office	xp	cpe:2.3:a:microsoft:office:xp:sp1::::::

Rows per page:

1-10 of 121

References

blogs.technet.com/msrc/archive/2006/07/10/441006.aspx

lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html

marc.info/?l=full-disclosure&m=115231380526820&w=2

marc.info/?l=full-disclosure&m=115261598510657&w=2

securitytracker.com/id?1016453

www.securityfocus.com/archive/1/439649/100/0/threaded

www.securityfocus.com/archive/1/439878/100/0/threaded

www.securityfocus.com/bid/18905

www.vupen.com/english/advisories/2006/2720

exchange.xforce.ibmcloud.com/vulnerabilities/27617

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

7.3

Confidence

High

EPSS

0.26

Percentile

96.7%

JSON

Related for NVD:CVE-2006-3493

cve2 checkpoint_advisories1 cvelist2 exploitdb1 nvd1