// For flags

CVE-2006-3493

Microsoft Word 2000/2003 - Unchecked Boundary Condition

Severity Score

5.1
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

Desbordamiento de búfer en la función LsCreateLine (mso_203) en mso.dll y mso9.dll, tal como se utiliza en Microsoft Word y posiblemente en otros productos en Microsoft Office 2003, 2002 y 2000, permite a atacantes remotos asistidos por usuario provocar una denegación de servicio (caída) a través de un documento Word manipulado u otro tipo de archivo Office. NOTA: este problema fue originalmente reportado para permitir ejecución de código, pero el 10-07-2006 Microsoft declaró que la ejecución de código no es posible y el investigador original está de acuerdo.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-07-10 CVE Reserved
  • 2006-07-10 CVE Published
  • 2006-07-10 First Exploit
  • 2024-05-30 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2000
Search vendor "Microsoft" for product "Office" and version "2000"
-
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2000
Search vendor "Microsoft" for product "Office" and version "2000"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2000
Search vendor "Microsoft" for product "Office" and version "2000"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2000
Search vendor "Microsoft" for product "Office" and version "2000"
sp3
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2003
Search vendor "Microsoft" for product "Office" and version "2003"
-
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2003
Search vendor "Microsoft" for product "Office" and version "2003"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2003
Search vendor "Microsoft" for product "Office" and version "2003"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 2003
Search vendor "Microsoft" for product "Office" and version "2003"
sp3
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 xp
Search vendor "Microsoft" for product "Office" and version "xp"
-
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 xp
Search vendor "Microsoft" for product "Office" and version "xp"
sp1
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 xp
Search vendor "Microsoft" for product "Office" and version "xp"
sp2
Affected
Microsoft
Search vendor "Microsoft"
 Office
Search vendor "Microsoft" for product "Office"
 xp
Search vendor "Microsoft" for product "Office" and version "xp"
sp3
Affected