PT-2006-3440 · Microsoft · Office 2000 +3

Andreas Marx +1 · Published 2006-05-19 · Updated 2025-10-22 · CVE-2006-2492

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Word versions in Office 2000 SP3 through Office 2003 SP2
Microsoft Works Suites versions through 2006

Description

A buffer overflow in Microsoft Word allows user-assisted attackers to execute arbitrary code via a malformed object pointer. The issue was originally reported in connection with a zero-day attack. Remote code execution is possible when a specially crafted Word file is used.

Recommendations

For Microsoft Word versions in Office 2000 SP3 through Office 2003 SP2, update to a version that includes the fix for this issue.
For Microsoft Works Suites versions through 2006, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting the use of Microsoft Word to minimize the risk of exploitation until a patch is available.

Exploit · Fix · RCE · Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2006-2492

Affected Products

Office Word
Works Suite
Office 2000
Office 2003