CVE-2006-2492
Published: 20 May 2006
Summary
CVE-2006-2492 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Microsoft Office. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 0.9% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2006-2492 is a buffer overflow vulnerability, tracked under CWE-120, that affects Microsoft Word components in Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, and Microsoft Works Suites through 2006. The flaw arises from improper handling of a malformed object pointer in Word documents and carries a CVSS 3.1 score of 8.8.
User-assisted attackers can exploit the issue by supplying a crafted document that triggers arbitrary code execution when opened in an affected application. The vulnerability was first identified through zero-day attacks observed and reported by the Internet Storm Center in May 2006.
Advisories referenced at the Microsoft Security Response Center blog, Secunia, SecurityTracker, and ISC diaries describe the issue and point to available patches and mitigation guidance for the listed products. The attack vector requires victim interaction and was actively used in the wild at the time of disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2006-2492
Vulnerability details
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC…
more
on 20060519 for a zero-day attack.
- CWE(s)
- KEV Date Added
- 08 June 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all input (including malformed object pointers in Word documents) to prevent buffer overflows that enable arbitrary code execution.
Enforces memory protections (e.g., ASLR, DEP, bounds checking) that block exploitation of the buffer overflow in affected Office components.
Mandates timely installation of vendor patches that remediate the specific malformed-pointer flaw in Office 2000/XP/2003 and Works.