CVE-2006-6561

Scores

EPSS

0.714medium71.4%

0%20%40%60%80%100%

Percentile: 71.4%

CVSS

9.3critical2.0

0246810

CVSS Score: 9.3/10

All CVSS Scores

CVSS 2.0

9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.

Learn more about Scaner-VS 7

Sources

nvd

Exploits

Exploit ID: 2922

Source: exploitdb

URL: https://www.exploit-db.com/exploits/2922

Recommendations

Source: nvd

Apply Update for MicrosoftMicrosoft has addressed this vulnerability in Microsoft Security Bulletin MS07-014.Do not open untrusted Word documentsDo not open unfamiliar or unexpected Word or other Office documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.Do not rely on file name extension filteringIn most cases, Windows will call Word to open a document even if the document has an unknown file extension. For example, if document.qwer contains the correct file header information, Windows will open document.qwer with Word. Filtering for common extensions (e.g., .doc, and .dot) will not detect all Word documents. Disable automatic opening of Microsoft Office documentsBy default, Microsoft Office 97 and Microsoft Office 2000 will configure Internet Explorer to automatically open Microsoft Office documents. This feature can be disabled by using the Office Document Open Confirmation Tool. Mozilla Firefox users should disable automatic opening of files, as specified in the Securing Your Web Browser document.

URL: http://www.kb.cert.org/vuls/id/996892

Vulnerable Software (4)

Type: Configuration

Vendor: *

Product: office

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: word

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: word_viewer

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: works

Operating System: * * *

Trait:

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",...

{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2000:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2002:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

End of list

Russian Vulnerability Scanner Database

CVE-2006-6561

Scores

EPSS

CVSS

All CVSS Scores

Vector Breakdown

CVSS

Attack Vector

Attack Complexity

Authentication

Confidentiality Impact

Integrity Impact

Availability Impact

Description

Scaner-VS 7 — a modern vulnerability management solution

Sources

Exploits

Recommendations

Vulnerable Software (4)