VDB
CVE-2006-2492
CVE-2006-2492
PUBLISHED
KEV
CVSS 7.599999904632568 HIGH
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
EPSS 76.15% · 98.9th percentile
Risk Scores
CVSS 2.0
7.599999904632568
EPSS Score
76.15%
98.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| microsoft | office | 2000, 2003, 2003 |
| microsoft | works_suite | 2000 |
Timeline
- May 20, 2006 CVE Published
- Sep 9, 2013 PoC Published
- Dec 13, 2016 PoC Published
- Jul 2, 2021 PoC Published
- Feb 4, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jun 8, 2022 CISA KEV Added
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- Apr 30, 2023 EPSS Score
References
- MS06-027 vendor-advisory
- oval:org.mitre.oval:def:2068 vdb
- http://isc.sans.org/diary.php?storyid=1345 url
- 25635 vdb
- http://www.microsoft.com/technet/security/advisory/919637.mspx url
- oval:org.mitre.oval:def:1738 vdb
- http://isc.sans.org/diary.php?storyid=1346 url
- TA06-164A third-party-advisory
- ADV-2006-1872 vdb
- 18037 vdb
- 20153 third-party-advisory
- word-code-execution(26556) vdb
- VU#446012 third-party-advisory
- 1016130 vdb
- oval:org.mitre.oval:def:1418 vdb
- TA06-139A third-party-advisory
- http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-2492 url
- https://nvd.nist.gov/vuln/detail/CVE-2006-2492 advisory