NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-3649

Summary	Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
Publication Date	Aug. 9, 2006, 9:04 a.m.
Registration Date	Jan. 29, 2021, 3:41 p.m.
Last Update	Oct. 13, 2018, 6:40 a.m.

CVSS2.0 : MEDIUM
Score	5.1
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	高
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	はい
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:microsoft:visual_basic:6.2:::::::*
cpe:2.3:a:microsoft:visual_basic:6.2::sdk:::::
cpe:2.3:a:microsoft:visual_basic:6.3::sdk:::::
cpe:2.3:a:microsoft:visual_basic:6.4::sdk:::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/21408	SECUNIA
2	http://securitytracker.com/id?1016656	SECTRACK
3	http://www.kb.cert.org/vuls/id/159484	CERT-VN	Patch US Government Resource
4	http://www.securityfocus.com/bid/19414	BID
5	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	CERT	Patch US Government Resource
6	http://www.vupen.com/english/advisories/2006/3214	VUPEN
7	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-047	MS
8	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A694	OVAL

Common Vulnerabilities List