Info

Disclosure

May 19, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Jul 12, 2006

Description

Microsoft Word contains a flaw that may allow a malicious user to execute arbitrary code under the security context of the current user. The issue is triggered due to an unspecified error when processing object pointers. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Commercial
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation	Word	2002
		2003

References

Security Tracker: 1016130
Bugtraq ID: 18037
CVE ID: 2006-2492 (see also: NVD)
Secunia Advisory ID: 20153
SCIP VulDB ID: 2253 2294
ISS X-Force ID: 26556
CERT VU: 446012
VUPEN Advisory: ADV-2006-1872
Mail List Post: http://archives.neohapsis.com/archives/dailydave/2006-q2/0144.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0252.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0268.html
Vendor Specific Advisory URL: http://blogs.technet.com/msrc/archive/2006/05/19/429353.aspx
Generic Exploit URL: http://immunitysec.com
Other Advisory URL: http://isc.sans.org/diary.php?storyid=1345
News Article: http://news.zdnet.com/2100-1009_22-6098229.html
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9000732
http://www.eweek.com/article2/0,1895,1965042,00.asp
Generic Informational URL: http://www.iss.net/resources/msword_ginwui.php [ Link is 404 ]
Microsoft Security Bulletin: MS06-027
CIAC Advisory: q-202

Credit

Shih-hao Weng - -
Andreas Marx - AV-Test.org

Direct URL: http://osvdb.org/25635

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Word

References

Credit