QwikSec

Security Database

CVE

CWE

Training

CVE-2006-3493

Published: Jul 10, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

20060710 MS Word Unchecked Boundary Condition Vulnerability

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_SECTRACK

20060707 MS Word Unchecked Boundary Condition Vulnerability - POC

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_VUPEN

20060707 MS Word Unchecked Boundary Condition

mailing-list

x_refsource_FULLDISC

20060711 Fuzzing Microsoft Office

mailing-list

x_refsource_FULLDISC

office-lscreateline-dos(27617)

vdb-entry

x_refsource_XF

20060711 Fuzzing Microsoft Office

mailing-list

x_refsource_BUGTRAQ

http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.