CVE-2006-2492
high-risk
Published 2006-05-20
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
Do I need to act?
!
77.8% chance of exploitation in next 30 days
EPSS score — higher than 22% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Products (5)
Affected Vendors
References (35)
Broken Link
http://secunia.com/advisories/20153
Broken Link
http://securitytracker.com/id?1016130
Third Party Advisory
http://www.kb.cert.org/vuls/id/446012
Broken Link
http://www.osvdb.org/25635
Broken Link
http://www.securityfocus.com/bid/18037
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
and 15 more references
69
/ 100
high-risk
Severity
30/34 · Critical
Exploitability
27/34 · High
Exposure
12/34 · Low