FKIE_CVE-2006-4534

Vulnerability from fkie_nvd - Published: 2006-09-05 17:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
References
cve@mitre.orghttp://blogs.securiteam.com/?p=586Third Party Advisory
cve@mitre.orghttp://isc.sans.org/diary.php?storyid=1669Third Party Advisory
cve@mitre.orghttp://secunia.com/advisories/21735Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1016787Third Party Advisory, VDB Entry
cve@mitre.orghttp://support.microsoft.com/kb/925059Patch, Vendor Advisory
cve@mitre.orghttp://vil.mcafeesecurity.com/vil/content/v_119055.htmThird Party Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/806548Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.microsoft.com/technet/security/advisory/925059.mspxPatch, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/28539Broken Link
cve@mitre.orghttp://www.securityfocus.com/archive/1/445162/100/100/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/445285/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/445381/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/449179/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19835Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99Third Party Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3448Vendor Advisory
cve@mitre.orghttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28775Third Party Advisory, VDB Entry
cve@mitre.orghttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A578Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://blogs.securiteam.com/?p=586Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://isc.sans.org/diary.php?storyid=1669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21735Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016787Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://support.microsoft.com/kb/925059Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://vil.mcafeesecurity.com/vil/content/v_119055.htmThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/806548Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.microsoft.com/technet/security/advisory/925059.mspxPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/28539Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/445162/100/100/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/445285/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/445381/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/449179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19835Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3448Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28775Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A578Third Party Advisory
Impacted products
Vendor Product Version
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2001
microsoft office 2001
microsoft office 2001
microsoft office 2003
microsoft office 2003
microsoft office 2003
microsoft office 2003
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*",
              "matchCriteriaId": "757EC6C1-F5E2-45CD-9F7F-7760ECEDC842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*",
              "matchCriteriaId": "59B1B68C-86F1-4FA4-9F82-3E8761ED1E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*",
              "matchCriteriaId": "716DDA05-D094-4837-852C-0511CDDD5ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3C54DDAF-8D7F-4A7D-9186-6048D4C850B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "67388076-420D-4327-A436-329177EA6F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:*:*:*",
              "matchCriteriaId": "64B3099E-DFA0-4C7E-B016-370028BF8387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:mac_os:*:*",
              "matchCriteriaId": "43AE142C-E7AD-418E-BA9B-887285EE9620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2001:sr1:*:*:*:mac_os:*:*",
              "matchCriteriaId": "23E6544C-3695-45E6-A8AD-2F3A3B574915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft Word 2000, 2002 y Office 2003 permite a atacantes remotos asistidos por el usuario ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados involucrando un archivo manipulado que resulta de una pila mal formada, como explotado por malware con nombres que incluyen Trojan.Mdropper.Q, Mofei y Femo."
    }
  ],
  "id": "CVE-2006-4534",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-09-05T17:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blogs.securiteam.com/?p=586"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.php?storyid=1669"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21735"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016787"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.microsoft.com/kb/925059"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://vil.mcafeesecurity.com/vil/content/v_119055.htm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/806548"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/925059.mspx"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/28539"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/445162/100/100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/445285/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/445381/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/19835"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3448"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28775"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://blogs.securiteam.com/?p=586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://isc.sans.org/diary.php?storyid=1669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://support.microsoft.com/kb/925059"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://vil.mcafeesecurity.com/vil/content/v_119055.htm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/806548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.microsoft.com/technet/security/advisory/925059.mspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/28539"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/445162/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/445285/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/445381/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/19835"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-090219-2855-99"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A578"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.