CVE-2006-3647

Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0211.html	Broken Link
http://securitytracker.com/id?1017032	Third Party Advisory VDB Entry
http://www.osvdb.org/29440	Broken Link
http://www.securityfocus.com/archive/1/448417/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20341	Third Party Advisory VDB Entry
http://www.vupen.com/english/advisories/2006/3979	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2000:::::::*
	cpe:2.3:a:microsoft:office:2000:::ja::::
	cpe:2.3:a:microsoft:office:2000:::ko::::
	cpe:2.3:a:microsoft:office:2000:::zh::::
	cpe:2.3:a:microsoft:office:2000:sp1::::::
	cpe:2.3:a:microsoft:office:2000:sp2::::::
	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2001:::::::*
	cpe:2.3:a:microsoft:office:2001:::::mac_os_x::
	cpe:2.3:a:microsoft:office:2001:sr1::::mac_os_x::*
	cpe:2.3:a:microsoft:office:2003::::student_teacher:::
	cpe:2.3:a:microsoft:office:2003:sp1::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:2003:sp3::::::
	cpe:2.3:a:microsoft:office:2004:::::mac_os_x::
	cpe:2.3:a:microsoft:office:v.x:::::::*

History

No history.

Information

Published : 2006-10-10 22:07

Updated : 2024-02-04 17:13

NVD link : CVE-2006-3647

Mitre link : CVE-2006-3647

CVE.ORG link : CVE-2006-3647

JSON object : View

Products Affected

microsoft

office

CWE

CWE-189

Numeric Errors

{"id": "CVE-2006-3647", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-10-10T22:07:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0211.html", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1017032", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.osvdb.org/29440", "tags": ["Broken Link"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/448417/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/20341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3979", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka \"Memmove Code Execution,\" a different vulnerability than CVE-2006-3651 and CVE-2006-4693."}, {"lang": "es", "value": "Desbordamiento de entero en Microsoft Word 2000, 2002, 2003, 2004 para Mac, y v.X para Mac permite a usuarios remotos con la complicidad del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante una cadena artesanal en un fichero Word, lo que desborda la longitud del valor de un entero de 16-bit, tambi\u00e9n conocido como \"Memmove Code Execution\", una vulnerabilidad diferente que CVE-2006-3651 y CVE-2006-4693."}], "lastModified": "2018-10-18T16:48:43.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A"}, {"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*", "vulnerable": true, "matchCriteriaId": "757EC6C1-F5E2-45CD-9F7F-7760ECEDC842"}, {"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59B1B68C-86F1-4FA4-9F82-3E8761ED1E74"}, {"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*", "vulnerable": true, "matchCriteriaId": "716DDA05-D094-4837-852C-0511CDDD5ABC"}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C54DDAF-8D7F-4A7D-9186-6048D4C850B2"}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67388076-420D-4327-A436-329177EA6F42"}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B"}, {"criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "64B3099E-DFA0-4C7E-B016-370028BF8387"}, {"criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:mac_os_x:*:*", "vulnerable": true, "matchCriteriaId": "DCBB9A94-1CF8-485D-9694-90E1C51AADE4"}, {"criteria": "cpe:2.3:a:microsoft:office:2001:sr1:*:*:*:mac_os_x:*:*", "vulnerable": true, "matchCriteriaId": "27BB6CEC-C0F7-45BB-BE9A-60489E16CCFC"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:student_teacher:*:*:*", "vulnerable": true, "matchCriteriaId": "ADD36A6D-10D8-4E06-899A-70FF822DAD15"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E"}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os_x:*:*", "vulnerable": true, "matchCriteriaId": "A78DC369-DCAE-4D75-8C33-0FFF108640F8"}, {"criteria": "cpe:2.3:a:microsoft:office:v.x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310DF9B3-3494-4BD4-8A9D-82211EA6C518"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}