Buffer Overflow Vulnerability in Microsoft Office Products
CVE-2006-3649

Currently unrated

Key Information:

Vendor: Microsoft
Status: Visual Basic
Vendor: CVE Published:; 9 August 2006

Summary

This vulnerability arises from a buffer overflow in the Microsoft Visual Basic for Applications (VBA) SDK, specifically in versions 6.0 through 6.4. It affects multiple Microsoft Office products, allowing user-assisted attackers to exploit unspecified document properties when VBA opens documents. If successfully exploited, this flaw enables attackers to execute arbitrary code, potentially compromising the affected system. Users are advised to exercise caution when opening documents from untrusted sources, especially those known to utilize VBA.

References

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

http://www.kb.cert.org/vuls/id/159484

third-party-advisoryx_refsource_CERT-VN

http://secunia.com/advisories/21408

third-party-advisoryx_refsource_SECUNIA

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 9, 2006
Vulnerability Reserved
Jul 17, 2006