Unrated severityNVD Advisory· Published Aug 9, 2006· Updated Apr 16, 2026

CVE-2006-3649

Description

Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.

Affected products

Microsoft/Visual Basic4 versions
cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:microsoft:visual_basic:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic:6.2:*:sdk:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic:6.3:*:sdk:*:*:*:*:*
- cpe:2.3:a:microsoft:visual_basic:6.4:*:sdk:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/159484nvdPatchUS Government Resource
www.us-cert.gov/cas/techalerts/TA06-220A.htmlnvdPatchUS Government Resource
secunia.com/advisories/21408nvd
securitytracker.com/idnvd
www.securityfocus.com/bid/19414nvd
www.vupen.com/english/advisories/2006/3214nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-047nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A694nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.038
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000