[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250038

 
 

909

 
 

195843

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3493Date: (C)2006-07-10   (M)2023-12-22


Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016453
BID-18905
http://marc.info/?l=full-disclosure&m=115231380526820&w=2
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html
http://www.securityfocus.com/archive/1/archive/1/439649/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/439878/100/0/threaded
ADV-2006-2720
http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx
office-lscreateline-code-execution(27617)
office-lscreateline-dos(27617)

CPE    12
cpe:/a:microsoft:office:2000:sp3
cpe:/a:microsoft:office:2003::student_teacher
cpe:/a:microsoft:office:xp:sp3
cpe:/a:microsoft:office:2000:sp1
...

© SecPod Technologies