CVE-2006-3649 - Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Mic

CVE-2006-3649

Summary

Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.

References

Vulnerable Configurations

cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.4:*:sdk:*:*:*:*:*
cpe:2.3:a:microsoft:visual_basic:6.4:*:sdk:*:*:*:*:*

CVSS

Base:	5.1 (as of 12-10-2018 - 21:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

oval via4

accepted

2015-08-10T04:01:08.526-04:00

class

vulnerability

contributors

name Robert L. Hollis
organization ThreatGuard, Inc.
name Clifford Farrugia
organization GFI Software
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	Microsoft Visual Basic 6.0 is installed
oval	oval:org.mitre.oval:def:15369

description

family

windows

oval:org.mitre.oval:def:694

status

accepted

submitted

2006-08-11T12:53:40

title

Visual Basic for Applications Vulnerability

version

refmap via4

bid	19414
cert	TA06-220A
cert-vn	VU#159484
sectrack	1016656
secunia	21408
vupen	ADV-2006-3214

Last major update

12-10-2018 - 21:40

Published

09-08-2006 - 00:04

Last modified

12-10-2018 - 21:40