Alias(es)Microsoft.Word.Object.Pointer.Code.Execution |
Release DateJun 13, 2006 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attempt to exploit a remote code execution vulnerability in Microsoft Word.The vulnerability results from insecure code in the DLL responsible for handling malicious object pointers in smart tags. It can be exploited via a crafted word file (.doc), leading to remote code execution. |
Affected ProductsMicrosoft Works Suite 2006Microsoft Works Suite 2005 Microsoft Works Suite 2004 Microsoft Works Suite 2003 Microsoft Works Suite 2002 Microsoft Works Suite 2001 Microsoft Works Suite 2000 Microsoft Word 2003 Viewer Microsoft Word 2003 Microsoft Word 2002 Microsoft Word 2002 SP1-SP3 |
Recommended ActionsApply patch, available from the web site:http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-2492 |
Reference/shttp://www.securityfocus.com/bid/18037 (BugTraq)http://www.microsoft.com/technet/security/Bulletin/MS06-027.mspx (MS-ID) |
