CVE-2006-3649
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
Desbordamiento de búfer en Microsoft Visual Basic para Aplicaciones (VBA) SDK 6.0 hasta 6.4, como se usa en Microsoft Office 2000 SP3, Office XPSP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, y Works Suite 2004 hasta 2006, permite a atacantes remotos con intervención del usuario ejecutar código de su elección mediante propiedades de documento no especificadas que no son verificadas cuando VBA es invocado para abrir documentos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2006-07-17 CVE Reserved
- 2006-08-09 CVE Published
- 2024-06-29 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://secunia.com/advisories/21408 | Third Party Advisory | |
| http://securitytracker.com/id?1016656 | Vdb Entry | |
| http://www.securityfocus.com/bid/19414 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2006/3214 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A694 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.kb.cert.org/vuls/id/159484 | 2018-10-12 | |
| http://www.us-cert.gov/cas/techalerts/TA06-220A.html | 2018-10-12 |
| URL | Date | SRC |
|---|---|---|
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-047 | 2018-10-12 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.2 Search vendor "Microsoft" for product "Visual Basic" and version "6.2" | - |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.2 Search vendor "Microsoft" for product "Visual Basic" and version "6.2" | sdk |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.3 Search vendor "Microsoft" for product "Visual Basic" and version "6.3" | sdk |
Affected
| ||||||
| Microsoft Search vendor "Microsoft" | Visual Basic Search vendor "Microsoft" for product "Visual Basic" | 6.4 Search vendor "Microsoft" for product "Visual Basic" and version "6.4" | sdk |
Affected
| ||||||