CVE-2006-2492

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published May 20, 2006

Updated: Dec 19, 2024

CWE ID 120

Summary

CVE-2006-2492 is a buffer overflow vulnerability affecting various versions of Microsoft Word and Microsoft Works Suites, including Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and Sp2. This issue, reported by the SANS Institute (ISC) on May 19, 2006, allows user-assisted attackers to execute arbitrary code by manipulating object pointers in a malformed file. Exploitation requires users to open a specifically crafted document, increasing the risk for potential attacks through email or web downloads. Microsoft released patches to address this zero-day vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Microsoft Office

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Predator Still Active, with New Client and Corporate Links Identified

Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents

Know What Matters

For Customers

For Partners