CVE-2006-2492

8.8 HIGH CISA KEV - Actively Exploited
Published: May 20, 2006 Modified: October 22, 2025
View on NVD

Description

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
Source: cret@cert.org
Broken Link
http://isc.sans.org/diary.php?storyid=1345
Source: cret@cert.org
Exploit
http://isc.sans.org/diary.php?storyid=1346
Source: cret@cert.org
Exploit
http://secunia.com/advisories/20153
Source: cret@cert.org
Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1016130
Source: cret@cert.org
Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/446012
Source: cret@cert.org
Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspx
Source: cret@cert.org
Broken Link Patch Vendor Advisory
http://www.osvdb.org/25635
Source: cret@cert.org
Broken Link
http://www.securityfocus.com/bid/18037
Source: cret@cert.org
Broken Link Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
Source: cret@cert.org
Broken Link Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
Source: cret@cert.org
Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1872
Source: cret@cert.org
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027
Source: cret@cert.org
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
Source: cret@cert.org
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418
Source: cret@cert.org
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738
Source: cret@cert.org
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068
Source: cret@cert.org
Broken Link
http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://isc.sans.org/diary.php?storyid=1345
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://isc.sans.org/diary.php?storyid=1346
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
http://secunia.com/advisories/20153
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Vendor Advisory
http://securitytracker.com/id?1016130
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory VDB Entry
http://www.kb.cert.org/vuls/id/446012
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory US Government Resource
http://www.microsoft.com/technet/security/advisory/919637.mspx
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Vendor Advisory
http://www.osvdb.org/25635
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.securityfocus.com/bid/18037
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Patch Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-139A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory US Government Resource
http://www.us-cert.gov/cas/techalerts/TA06-164A.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/1872
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-027
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/26556
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1418
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1738
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2068
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2006-2492
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

35 reference(s) from NVD

Quick Stats

CVSS v3 Score
8.8 / 10.0
EPSS (Exploit Probability)
77.2%
99th percentile
Exploitation Status
Actively Exploited
Remediation due: 2022-06-22

Weaknesses (CWE)

CWE-120 CWE-120

Affected Vendors

microsoft

Related CVEs

CVE-2025-52691 10.0
CVE-2025-15168 7.3
CVE-2025-15167 7.3
CVE-2025-15166 7.3
CVE-2025-15165 7.3