Content

Exploit-CVE2006-4534

Type
Trojan
SubType
Exploit
Discovery Date
09/12/2006
Length
Varies
Minimum DAT
4867 (10/05/2006)
Updated DAT
5800 (11/12/2009)
Minimum Engine
5.1.00
Description Added
09/12/2006
Description Modified
02/16/2007 12:21 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

Exploit-CVE2006-4534 covers malformed document files crafted to trigger stack corruption and achieve remote code execution on the target system.  Successful exploitation could allow the attacker to execute the arbitrary code with the same credentials as the current user.

Affected software versions include Microsoft Word 2000, XP (Word 2002), and 2003, some versions of Microsoft Works Suite (2004, 2005, 2006), and Microsoft Office for Mac versions 2004 and X.

Additional details and software update patches are available from the publisher here: http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx

Symptoms

This detection is sufficiently generic that it can cover many various threats that leverage the exploit code.  As the attacker could use this exploit to execute arbitrary code it is not possible to describe specific symptoms or details about system charges that would occur from this threat.  However, simply seeing this detection does not necessarily mean that any exploit code was run as such exploit code could only run on a vulnerable system.

Method of Infection

Users may be lured (such as through an email attachment, or hosted online via a web site) to open a malicious document file.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

    N/A

All Information

Overview -

Exploit-CVE2006-4534 covers an exploit vulnerability in some versions of Microsoft Word that could result in arbitrary code execution.

Aliases

  • MS06-060

Characteristics

Characteristics -

Exploit-CVE2006-4534 covers malformed document files crafted to trigger stack corruption and achieve remote code execution on the target system.  Successful exploitation could allow the attacker to execute the arbitrary code with the same credentials as the current user.

Affected software versions include Microsoft Word 2000, XP (Word 2002), and 2003, some versions of Microsoft Works Suite (2004, 2005, 2006), and Microsoft Office for Mac versions 2004 and X.

Additional details and software update patches are available from the publisher here: http://www.microsoft.com/technet/security/Bulletin/MS06-060.mspx

Symptoms

Symptoms -

This detection is sufficiently generic that it can cover many various threats that leverage the exploit code.  As the attacker could use this exploit to execute arbitrary code it is not possible to describe specific symptoms or details about system charges that would occur from this threat.  However, simply seeing this detection does not necessarily mean that any exploit code was run as such exploit code could only run on a vulnerable system.

Method of Infection

Method of Infection -

Users may be lured (such as through an email attachment, or hosted online via a web site) to open a malicious document file.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

    N/A