CVE-2006-1316

Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://secunia.com/advisories/21012	Vendor Advisory
http://securitytracker.com/id?1016469
http://www.kb.cert.org/vuls/id/580036	US Government Resource
http://www.osvdb.org/27148
http://www.securityfocus.com/bid/18912
http://www.us-cert.gov/cas/techalerts/TA06-192A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/2756	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038
https://exchange.xforce.ibmcloud.com/vulnerabilities/27607
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918
http://secunia.com/advisories/21012	Vendor Advisory
http://securitytracker.com/id?1016469
http://www.kb.cert.org/vuls/id/580036	US Government Resource
http://www.osvdb.org/27148
http://www.securityfocus.com/bid/18912
http://www.us-cert.gov/cas/techalerts/TA06-192A.html	US Government Resource
http://www.vupen.com/english/advisories/2006/2756	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038
https://exchange.xforce.ibmcloud.com/vulnerabilities/27607
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp1::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::

History

21 Nov 2024, 00:08

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/21012 - Vendor Advisory~~	() http://secunia.com/advisories/21012 - Vendor Advisory
References	~~() http://securitytracker.com/id?1016469 -~~	() http://securitytracker.com/id?1016469 -
References	~~() http://www.kb.cert.org/vuls/id/580036 - US Government Resource~~	() http://www.kb.cert.org/vuls/id/580036 - US Government Resource
References	~~() http://www.osvdb.org/27148 -~~	() http://www.osvdb.org/27148 -
References	~~() http://www.securityfocus.com/bid/18912 -~~	() http://www.securityfocus.com/bid/18912 -
References	~~() http://www.us-cert.gov/cas/techalerts/TA06-192A.html - US Government Resource~~	() http://www.us-cert.gov/cas/techalerts/TA06-192A.html - US Government Resource
References	~~() http://www.vupen.com/english/advisories/2006/2756 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2006/2756 - Vendor Advisory
References	~~() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 -~~	() https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27607 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27607 -
References	~~() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918 -~~	() https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918 -

Information

Published : 2006-07-11 21:05

Updated : 2025-04-03 01:03

NVD link : CVE-2006-1316

Mitre link : CVE-2006-1316

CVE.ORG link : CVE-2006-1316

JSON object : View

Products Affected

microsoft

office

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2006-1316", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-07-11T21:05:00.000", "references": [{"url": "http://secunia.com/advisories/21012", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1016469", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/580036", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.osvdb.org/27148", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/18912", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html", "tags": ["US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/2756", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27607", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/21012", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016469", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/580036", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/27148", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/18912", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html", "tags": ["US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/2756", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27607", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A918", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka \"Microsoft Office Parsing Vulnerability,\" a different vulnerability than CVE-2006-2389."}, {"lang": "es", "value": "Vulnerabilidad sin especificar en Microsoft Office 2003 SP1 y SP2, Office XP SP3, Office 2000 SP3 y otros productos, permite a atacantes ayudados por el usuario ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Office con una cadena mal formada que dispara una corrupci\u00f3n de memoria relacionada con longitudes de archivo, tambi\u00e9n conocido como \"Microsoft Office Parsing Vulnerability (Vulnerabilidad de An\u00e1lisis Sint\u00e1ctico de Microsoft Office)\", una vulnerabilidad distinta de CVE-2006-2389."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4"}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

9.3 /10