{"vuid":"VU#921300","idnumber":"921300","name":"Microsoft Word vulnerable to remote code execution","keywords":["Microsoft","Word","remote code execution","mail merge file","ms06-oct","Office","Works"],"overview":"A remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file.","clean_desc":"Microsoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file is opened by Word. More information and a list of affected versions is available in Microsoft Security Bulletin MS06-060.","impact":"A remote attacker who can successfully convince the user to open the specially crafted mail merge file may be able to execute arbitrary code with the privileges of the local user.","resolution":"Apply an update Microsoft has released updates in Mircosoft Security Bulletin MS06-060 to address this issue.","workarounds":"Workaround Microsoft has supplied the following workaround for this vulnerability: Do not open or save Microsoft Word files that you receive from untrusted sources or that you received unexpectedly from trusted sources.","sysaffected":"","thanks":"Thanks to Microsoft Security for reporting this vulnerability in Microsoft Security Bulletin \nMS06-060","author":"This document was written by Katie Steiner.","public":["h","t","t","p",":","/","/","w","w","w",".","m","i","c","r","o","s","o","f","t",".","c","o","m","/","t","e","c","h","n","e","t","/","s","e","c","u","r","i","t","y","/","b","u","l","l","e","t","i","n","/","m","s","0","6","-","0","6","0",".","m","s","p","x"],"cveids":["CVE-2006-3651"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-10-10T19:00:00Z","publicdate":"2006-10-10T00:00:00Z","datefirstpublished":"2006-10-12T12:31:20Z","dateupdated":"2006-10-12T14:57:37Z","revision":17,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"17","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"17","cam_easeofexploitation":"2","cam_attackeraccessrequired":"12","cam_scorecurrent":"2.5245","cam_scorecurrentwidelyknown":"2.86875","cam_scorecurrentwidelyknownexploited":"5.16375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.5245,"vulnote":null}