| Last Updated Date | Mar 06, 2008 |
| Release Date | Jun 13, 2006 |
| Severity | High |
| Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
| Description | This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Word.
The vulnerability results from insecure code in the DLL responsible for handling malicious object pointers in smart tags. It can be exploited via a crafted word file (.doc), leading to remote code execution. |
| Affected Products | Microsoft Works Suite 2006
Microsoft Works Suite 2005
Microsoft Works Suite 2004
Microsoft Works Suite 2003
Microsoft Works Suite 2002
Microsoft Works Suite 2001
Microsoft Works Suite 2000
Microsoft Word 2003 Viewer
Microsoft Word 2003
Microsoft Word 2002
Microsoft Word 2002 SP1-SP3 |
| Recommended Actions | Apply patch, available from the web site:
http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2492
|
| Microsoft Bulletin ID | MS06-027 http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx |
| Reference/s | http://www.securityfocus.com/bid/18037 (BugTraq)
|