Cyber Resilience

CVE-2006-2492

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoC

Published: 20 May 2006

Published
20 May 2006
Modified
16 April 2026
KEV Added
08 June 2022
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.7906 99.1th percentile
Risk Priority 85 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2006-2492 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Microsoft Office. Its CVSS base score is 8.8 (High).

Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2006-2492 is a buffer overflow vulnerability, tracked under CWE-120, that affects Microsoft Word components in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006. The flaw arises from improper handling of a malformed object pointer in Word documents and carries a CVSS 3.1 score of 8.8.

User-assisted attackers can exploit the issue by supplying a crafted document that triggers arbitrary code execution when opened in an affected application. The vulnerability was first identified through zero-day attacks observed and reported by the Internet Storm Center in May 2006.

Advisories referenced at the Microsoft Security Response Center blog, Secunia, SecurityTracker, and ISC diaries describe the issue and point to available patches and mitigation guidance for the listed products. The attack vector requires victim interaction and was actively used in the wild at the time of disclosure.

EU & UK References

Vulnerability details

Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC…

more

on 20060519 for a zero-day attack.

CWE(s)
KEV Date Added
08 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
office
2000, 2003, xp
microsoft
works suite
2000 — 2006

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation of all input (including malformed object pointers in Word documents) to prevent buffer overflows that enable arbitrary code execution.

prevent

Enforces memory protections (e.g., ASLR, DEP, bounds checking) that block exploitation of the buffer overflow in affected Office components.

prevent

Mandates timely installation of vendor patches that remediate the specific malformed-pointer flaw in Office 2000/XP/2003 and Works.

References