Lucene search

MicrosoftCVE-2006-4695

HistoryMar 11, 2008 - 11:00 p.m.

CVE-2006-4695

2008-03-1123:00:00

CWE-94

microsoft

web.nvd.nist.gov

microsoft office

web components

vulnerability

remote code execution

url parsing

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.86

Percentile

98.6%

JSON

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka “Office Web Components URL Parsing Vulnerability.”

Affected configurations

Nvd

Node

microsoftoffice_web_componentsMatch2000

VendorProductVersionCPE
microsoftoffice_web_components2000cpe:2.3:a:microsoft:office_web_components:2000:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	office_web_components	2000	cpe:2.3:a:microsoft:office_web_components:2000:::::::*

References

marc.info/?l=bugtraq&m=120585858807305&w=2

secunia.com/advisories/29328

www.kb.cert.org/vuls/id/654577

www.securityfocus.com/bid/28135

www.securitytracker.com/id?1019580

www.us-cert.gov/cas/techalerts/TA08-071A.html

www.vupen.com/english/advisories/2008/0849/references

docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-017

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14227

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

Low

EPSS

0.86

Percentile

98.6%

JSON

Related for CVE-2006-4695