Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:921300
HistoryOct 12, 2006 - 12:00 a.m.

Microsoft Word vulnerable to remote code execution

2006-10-1200:00:00
www.kb.cert.org
17

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.621 Medium

EPSS

Percentile

97.8%

JSON

Overview

A remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file.

Description

Microsoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file is opened by Word.

More information and a list of affected versions is available in Microsoft Security Bulletin MS06-060.

Impact

A remote attacker who can successfully convince the user to open the specially crafted mail merge file may be able to execute arbitrary code with the privileges of the local user.

Solution

Apply an update

Microsoft has released updates in Mircosoft Security Bulletin MS06-060 to address this issue.

Workar****ound

Microsoft has supplied the following workaround for this vulnerability:

Do not open or save Microsoft Word files that you receive from untrusted sources or that you received unexpectedly from trusted sources.

Vendor Information

921300

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Javascript is disabled. Click here to view vendors.

Microsoft Corporation __ Affected

Updated: October 10, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Microsoft Corporation has published Microsoft Security Bulletin MS06-060 in response to this issue. Users are encouraged to review this bulletin and apply the referenced patches

If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23921300 Feedback>).

CVSS Metrics

Group Score Vector
Base
Temporal
Environmental

References

<http://www.microsoft.com/technet/security/bulletin/ms06-060.mspx&gt;

Acknowledgements

Thanks to Microsoft Security for reporting this vulnerability in Microsoft Security Bulletin MS06-060.

This document was written by Katie Steiner.

Other Information

CVE IDs: CVE-2006-3651
Severity Metric: 2.52 Date Public:

Related

nvd 3
cvelist 3
cve 3
nessus 2
securityvulns 1
nvd
nvd
CVE-2006-3651
2006-10-10 22:07:00
CVE-2006-4693
2006-10-10 22:07:00
CVE-2006-3647
2006-10-10 22:07:00
cvelist
cvelist
CVE-2006-3647
2006-10-10 22:00:00
CVE-2006-3651
2006-10-10 22:00:00
CVE-2006-4693
2006-10-10 22:00:00
cve
cve
CVE-2006-4693
2006-10-10 22:07:00
CVE-2006-3647
2006-10-10 22:07:00
CVE-2006-3651
2006-10-10 22:07:00
nessus
nessus
MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
2006-10-10 00:00:00
MS06-058 / MS06-059 / MS06-0060 / MS06-062: Vulnerabilities in Microsoft Office Allow Remote Code Execution (924163 / 924164 / 924554 / 922581) (Mac OS X)
2006-10-11 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-060 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution &#40;924554&#41;
2006-10-11 00:00:00

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.621 Medium

EPSS

Percentile

97.8%

JSON
Related for VU:921300
nvd3cvelist3cve3nessus2securityvulns1