Vulnerability Note VU#806548
Microsoft Word 2000 malformed record vulnerability
Microsoft Word 2000 contains a memory corruption vulnerability. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running Word 2000.
Microsoft Word 2000 fails to properly handle malformed records leading to memory corruption. For more information refer to Microsoft Security Bulletin MS06-060.
Note that we have received reports that this vulnerability is actively being exploited.
By convincing a user to open a specially crafted Word document, an attacker could execute arbitrary code with the privileges of the user running Word 2000. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system.
Apply an update
Do not open untrusted Word documents
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||05 Sep 2006||10 Oct 2006|
CVSS Metrics (Learn More)
This vulnerability was reported by Juha-Matti Laurio.
This document was written by Jeff Gennari.
- CVE IDs: CVE-2006-4534
- Date Public: 05 Sep 2006
- Date First Published: 07 Sep 2006
- Date Last Updated: 10 Oct 2006
- Severity Metric: 25.06
- Document Revision: 34
If you have feedback, comments, or additional information about this vulnerability, please send us email.