CVE-2006-3649

medium Microsoft
CVSS v3 Base Score
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
EPSS Score
54.4%
Exploitation probability in 30 days
Top 2% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Confidentiality
P
Integrity
P
Availability
P
Published: August 9, 2006 (7218 days ago)
Last Modified: April 16, 2026
Vendor: Microsoft
Source: NVD

Description

Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.

CWE

NVD-CWE-Other

Affected Products

microsoft visual basic

References

🔗 secunia.com 🔗 securitytracker.com 🔗 www.kb.cert.org 🔗 www.securityfocus.com 🔗 www.us-cert.gov