Lucene search

[email protected]CVE-2006-4534

HistorySep 05, 2006 - 5:04 p.m.

CVE-2006-4534

2006-09-0517:04:00

[email protected]

web.nvd.nist.gov

microsoft word

office 2000

office 2002

office 2003

cve-2006-4534

remote code execution

vulnerability

malware

exploit

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.611 Medium

EPSS

Percentile

97.8%

JSON

Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.

Affected configurations

NVD

Node

microsoftofficeMatch2000

microsoftofficeMatch2000ja

microsoftofficeMatch2000ko

microsoftofficeMatch2000zh

microsoftofficeMatch2000sp1

microsoftofficeMatch2000sp2

microsoftofficeMatch2000sp3

microsoftofficeMatch2001

microsoftofficeMatch2001mac_os

microsoftofficeMatch2001sr1mac_os

microsoftofficeMatch2003

microsoftofficeMatch2003sp1

microsoftofficeMatch2003sp2

microsoftofficeMatch2003sp3

CPENameOperatorVersion
microsoft:officemicrosoft officeeq2000
microsoft:officemicrosoft officeeq2001
microsoft:officemicrosoft officeeq2003

CPE	Name	Operator	Version
microsoft:office	microsoft office	eq	2000
microsoft:office	microsoft office	eq	2001
microsoft:office	microsoft office	eq	2003

References

blogs.securiteam.com/?p=586

isc.sans.org/diary.php?storyid=1669

secunia.com/advisories/21735

securitytracker.com/id?1016787

support.microsoft.com/kb/925059

vil.mcafeesecurity.com/vil/content/v_119055.htm

www.kb.cert.org/vuls/id/806548

www.microsoft.com/technet/security/advisory/925059.mspx

www.osvdb.org/28539

www.securityfocus.com/archive/1/445162/100/100/threaded

www.securityfocus.com/archive/1/445285/100/0/threaded

www.securityfocus.com/archive/1/445381/100/0/threaded

www.securityfocus.com/archive/1/449179/100/0/threaded

www.securityfocus.com/bid/19835

www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99

www.vupen.com/english/advisories/2006/3448

docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060

exchange.xforce.ibmcloud.com/vulnerabilities/28775

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A578

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.611 Medium

EPSS

Percentile

97.8%

JSON

Related for CVE-2006-4534

nvd1 cert1 cvelist1 checkpoint_advisories1 nessus2 securityvulns1