CVE-2006-0001

Published: Sep 12, 2006Modified: Apr 16, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.

Affected (7)

Products: Microsoft: Office, Publisher

2 products

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2000 sp3
Microsoft Office	Version 2003 sp1
Microsoft Office	Version 2003 sp2
Microsoft Office	Version xp sp3
Microsoft Publisher	Version 2000
Microsoft Publisher	Version 2002
Microsoft Publisher	Version 2003

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (26)

http://secunia.com/advisories/21863

Source: secure@microsoft.com

PatchVendor Advisory

http://securityreason.com/securityalert/1548

Source: secure@microsoft.com

http://securitytracker.com/id?1016825

Source: secure@microsoft.com

http://www.computerterrorism.com/research/ct12-09-2006-2.htm

Source: secure@microsoft.com

ExploitPatchVendor Advisory

http://www.kb.cert.org/vuls/id/406236

Source: secure@microsoft.com

US Government Resource

http://www.securityfocus.com/archive/1/445824/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/446630/100/100/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/19951

Source: secure@microsoft.com

Patch

http://www.us-cert.gov/cas/techalerts/TA06-255A.html

Source: secure@microsoft.com

US Government Resource

http://www.vupen.com/english/advisories/2006/3565

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/28648

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590

Source: secure@microsoft.com

http://secunia.com/advisories/21863

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/1548

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1016825

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.computerterrorism.com/research/ct12-09-2006-2.htm

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.kb.cert.org/vuls/id/406236

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.securityfocus.com/archive/1/445824/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/446630/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/19951

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.us-cert.gov/cas/techalerts/TA06-255A.html

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

http://www.vupen.com/english/advisories/2006/3565

Source: af854a3a-2127-422b-91ae-364da2661108

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-054

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/28648

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A590

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.