1. CVE-Search
  2. CVE-2006-6456
ID CVE-2006-6456
Summary Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 17-10-2018 - 21:48)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
oval via4
accepted 2015-08-10T04:01:09.826-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Microsoft Word 2000 is installed
    oval oval:org.mitre.oval:def:455
  • comment Microsoft Word 2002 is installed
    oval oval:org.mitre.oval:def:973
  • comment Microsoft Word 2003 is installed
    oval oval:org.mitre.oval:def:475
  • comment Microsoft Word Viewer is installed
    oval oval:org.mitre.oval:def:737
description Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
family windows
id oval:org.mitre.oval:def:746
status accepted
submitted 2007-02-14T09:49:32
title Word Malformed Data Structures Vulnerability
version 5
refmap via4
bid 21518
bugtraq
  • 20061210 Another, different MS Word 0-day vulnerability reported
  • 20061210 Re: Another, different MS Word 0-day vulnerability reported
  • 20061211 The newest Word flaw is due to malformed data structure handling
cert TA07-044A
cert-vn VU#166700
confirm http://blogs.technet.com/msrc/archive/2006/12/10/new-report-of-a-word-zero-day.aspx
fulldisc
  • 20061210 Another, different MS Word 0-day vulnerability reported
  • 20061211 The newest Word flaw is due to malformed data structure handling
misc
osvdb 30825
sectrack
  • 1017358
  • 1017579
secunia 23205
vupen
  • ADV-2006-4920
  • ADV-2007-0435
xf word-unspec-code-execution(30806)
Last major update 17-10-2018 - 21:48
Published 11-12-2006 - 17:28
Last modified 17-10-2018 - 21:48
Back to Top