Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations | |||
---|---|---|---|
Name | MS06-060 | First vendor Publication | 2006-10-10 |
Vendor | Microsoft | Last vendor Modification | 2006-10-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4 | |||
Oval ID: | oval:org.mitre.oval:def:4 | ||
Title: | Microsoft Word Vulnerability | ||
Description: | Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3647 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:51 | |||
Oval ID: | oval:org.mitre.oval:def:51 | ||
Title: | Microsoft Word Mail Merge Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-3651 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:578 | |||
Oval ID: | oval:org.mitre.oval:def:578 | ||
Title: | Microsoft Word Malformed Stack Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-4534 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Word |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
29442 | Microsoft Word for Mac Crafted String Unspecified Code Execution Word contains an unspecified flaw related to that may allow an attacker to execute arbitrary code. No further details have been provided. |
29441 | Microsoft Word Crafted Mail Merge File Arbitrary Code Execution |
29440 | Microsoft Word memmove Integer Overflow A local overflow exists in Word. The program fails to validate data passed to a memmove call resulting in an integer overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
28539 | Microsoft Word 2000 Unspecified Code Execution Microsoft Word 2000 contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a unspecified malformed string in a Word document causes system memory corruption. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-11 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_oct2006.nasl - Type : ACT_GATHER_INFO |
2006-10-10 | Name : Arbitrary code can be executed on the remote host through Microsoft Word. File : smb_nt_ms06-060.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:30 |
|
2013-05-11 12:21:55 |
|