cvelistv5 - CVE-2006-3449

CVE-2006-3449 (GCVE-0-2006-3449)

Vulnerability from cvelistv5 – Published: 2006-08-09 00:00 – Updated: 2024-08-07 18:30

Summary

Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://securityreason.com/securityalert/1342	third-party-advisoryx_refsource_SREASON
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://www.securityfocus.com/bid/19341	vdb-entryx_refsource_BID
	http://www.kb.cert.org/vuls/id/884252	third-party-advisoryx_refsource_CERT-VN
	http://secway.org/advisory/AD20060808.txt	x_refsource_MISC
	http://securitytracker.com/id?1016657	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/archive/1/442592/100…	mailing-listx_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	third-party-advisoryx_refsource_CERT
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1342"
          },
          {
            "name": "MS06-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
          },
          {
            "name": "19341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19341"
          },
          {
            "name": "VU#884252",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884252"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secway.org/advisory/AD20060808.txt"
          },
          {
            "name": "1016657",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016657"
          },
          {
            "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
          },
          {
            "name": "TA06-220A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:348",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1342"
        },
        {
          "name": "MS06-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
        },
        {
          "name": "19341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19341"
        },
        {
          "name": "VU#884252",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884252"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secway.org/advisory/AD20060808.txt"
        },
        {
          "name": "1016657",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016657"
        },
        {
          "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
        },
        {
          "name": "TA06-220A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:348",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1342",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1342"
            },
            {
              "name": "MS06-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
            },
            {
              "name": "19341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19341"
            },
            {
              "name": "VU#884252",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884252"
            },
            {
              "name": "http://secway.org/advisory/AD20060808.txt",
              "refsource": "MISC",
              "url": "http://secway.org/advisory/AD20060808.txt"
            },
            {
              "name": "1016657",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016657"
            },
            {
              "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
            },
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:348",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-3449",
    "datePublished": "2006-08-09T00:00:00",
    "dateReserved": "2006-07-07T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3E392539-ABF6-4B5C-AEC3-C54B51E0DB70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:*:*:ja:*:*:*:*\", \"matchCriteriaId\": \"FF8DA1F4-51F5-4701-BA23-6A77057DD420\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:*:*:ko:*:*:*:*\", \"matchCriteriaId\": \"FB88D5F8-4D7A-4D77-9F05-4910405E0A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*\", \"matchCriteriaId\": \"C8CCDE97-AE42-4BB8-9947-5BBD81DA6CA0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D64E16F-0E13-4679-A68D-66866A77149F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"16844C40-F012-4C19-9028-D05014EBF7D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5843C1AA-953B-4CC1-9B1B-AF9969BB1A59\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2001:*:*:*:*:mac_os:*:*\", \"matchCriteriaId\": \"88499AA7-D0AD-4914-8B24-153EEED8DF7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"711D9CC0-31B8-4511-A9F3-CA328A02ED84\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*\", \"matchCriteriaId\": \"054BA29C-3320-475D-95AE-996BAA04D464\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3DC15E7-F1C3-42D0-AE3E-DDF6300FCD7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*\", \"matchCriteriaId\": \"34C63AE5-4584-4A51-B20D-36FA6DE01C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5611EFD-2C7C-47BA-83E5-947EA00D8E6C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \\\"Microsoft PowerPoint Malformed Record Vulnerability.\\\"\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en Microsoft PowerPoint 2000 hasta 2003, posiblemenet un desbordamiento de b\\u00fafer, permite a atacantes remotos con intervenci\\u00f3n del usuario ejecutar comandos de su elecci\\u00f3n mediante un registro mal formado en el formato de archivo BIFF utilizado en un archivo PPT, un problema distinto de CVE-2006-1540, tambi\\u00e9n conocido como \\\"Vulnerabilidad de Registro Mal Formado de Microsoft PowerPoint\\\" (\\\"Microsoft PowerPoint Malformed Record Vulnerability\\\").\"}]",
      "id": "CVE-2006-3449",
      "lastModified": "2024-11-21T00:13:38.347",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2006-08-09T00:04:00.000",
      "references": "[{\"url\": \"http://securityreason.com/securityalert/1342\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016657\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secway.org/advisory/AD20060808.txt\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/884252\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/442592/100/0/threaded\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"http://www.securityfocus.com/bid/19341\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048\", \"source\": \"secure@microsoft.com\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securityreason.com/securityalert/1342\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1016657\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://secway.org/advisory/AD20060808.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Not Applicable\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/884252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"http://www.securityfocus.com/archive/1/442592/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19341\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3449\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-08-09T00:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \\\"Microsoft PowerPoint Malformed Record Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Microsoft PowerPoint 2000 hasta 2003, posiblemenet un desbordamiento de b\u00fafer, permite a atacantes remotos con intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n mediante un registro mal formado en el formato de archivo BIFF utilizado en un archivo PPT, un problema distinto de CVE-2006-1540, tambi\u00e9n conocido como \\\"Vulnerabilidad de Registro Mal Formado de Microsoft PowerPoint\\\" (\\\"Microsoft PowerPoint Malformed Record Vulnerability\\\").\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E392539-ABF6-4B5C-AEC3-C54B51E0DB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:ja:*:*:*:*\",\"matchCriteriaId\":\"FF8DA1F4-51F5-4701-BA23-6A77057DD420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:ko:*:*:*:*\",\"matchCriteriaId\":\"FB88D5F8-4D7A-4D77-9F05-4910405E0A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*\",\"matchCriteriaId\":\"C8CCDE97-AE42-4BB8-9947-5BBD81DA6CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D64E16F-0E13-4679-A68D-66866A77149F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"16844C40-F012-4C19-9028-D05014EBF7D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5843C1AA-953B-4CC1-9B1B-AF9969BB1A59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2001:*:*:*:*:mac_os:*:*\",\"matchCriteriaId\":\"88499AA7-D0AD-4914-8B24-153EEED8DF7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"711D9CC0-31B8-4511-A9F3-CA328A02ED84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"054BA29C-3320-475D-95AE-996BAA04D464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3DC15E7-F1C3-42D0-AE3E-DDF6300FCD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C63AE5-4584-4A51-B20D-36FA6DE01C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5611EFD-2C7C-47BA-83E5-947EA00D8E6C\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/1342\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016657\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secway.org/advisory/AD20060808.txt\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/884252\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/442592/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/19341\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secway.org/advisory/AD20060808.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/884252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/442592/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

CERTA-2006-AVI-346

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités ont été identifiées dans Microsoft Office Powerpoint. Une personne malveillante peut construire des documents Powerpoint exploitant l'une d'elles afin d'exécuter des commandes arbitraires lorsqu'ils seront ouverts sur le système ayant une version vulnérable.

Description

Cet avis fait suite à la mise à jour de l'alerte CERTA-2006-ALE-009-002.

Plusieurs vulnérabilités ont été identifiées dans le logiciel de présentations Microsoft Office Powerpoint. L'une d'elles concerne la bibliothèque mso.dll utilisée par la suite Office.

Pour exploiter celles-ci, un utilisateur malveillant doit construire un document Powerpoint particulier, puis le distribuer (par courrier électronique, par lien dans une page Web, etc). Si un utilisateur l'ouvre sur un système vulnérable, il est alors possible d'exécuter des commandes arbitraires avec les droits de ce dernier.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Powerpoint 2000 dans Office 2000 Service Pack 3 ;
Microsoft Powerpoint 2002 dans Office XP Service Pack 3 ;
Microsoft Powerpoint 2003 dans Office 2003 (Service Pack 1 ou 2) ;
Microsoft Powerpoint 2004 dans Office 2004 pour Mac ;
Microsoft Powerpoint v.X dans Office v.X pour Mac.

La visionneuse Microsoft Powerpoint 2003 n'est pas affectée par ces vulnérabilités, ainsi que les produits de Microsoft Works Suite.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-048 du 08 août 2006	None	vendor-advisory
Référence à l'alerte CERTA CERTA-ALE-2006-009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Powerpoint 2000 dans Office 2000 Service Pack 3    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint 2002 dans Office XP Service Pack 3    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint 2003 dans Office 2003 (Service Pack 1    ou 2) ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint 2004 dans Office 2004 pour Mac ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint v.X dans Office v.X pour Mac.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLa visionneuse Microsoft Powerpoint 2003 n\u0027est pas affect\u00e9e  par ces vuln\u00e9rabilit\u00e9s, ainsi que les produits de Microsoft Works  Suite.\u003c/P\u003e",
  "content": "## Description\n\nCet avis fait suite \u00e0 la mise \u00e0 jour de l\u0027alerte CERTA-2006-ALE-009-002.\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le logiciel de\npr\u00e9sentations Microsoft Office Powerpoint. L\u0027une d\u0027elles concerne la\nbiblioth\u00e8que mso.dll utilis\u00e9e par la suite Office.\n\nPour exploiter celles-ci, un utilisateur malveillant doit construire un\ndocument Powerpoint particulier, puis le distribuer (par courrier\n\u00e9lectronique, par lien dans une page Web, etc). Si un utilisateur\nl\u0027ouvre sur un syst\u00e8me vuln\u00e9rable, il est alors possible d\u0027ex\u00e9cuter des\ncommandes arbitraires avec les droits de ce dernier.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3449"
    },
    {
      "name": "CVE-2006-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3590"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence \u00e0 l\u0027alerte CERTA CERTA-ALE-2006-009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ALE-009/"
    }
  ],
  "reference": "CERTA-2006-AVI-346",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Microsoft Office\nPowerpoint. Une personne malveillante peut construire des documents\nPowerpoint exploitant l\u0027une d\u0027elles afin d\u0027ex\u00e9cuter des commandes\narbitraires lorsqu\u0027ils seront ouverts sur le syst\u00e8me ayant une version\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office, dont Powerpoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-048 du 08 ao\u00fbt 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-048.mspx"
    }
  ]
}

CERTA-2006-AVI-346

Vulnerability from certfr_avis - Published: - Updated:

Description

Cet avis fait suite à la mise à jour de l'alerte CERTA-2006-ALE-009-002.

Plusieurs vulnérabilités ont été identifiées dans le logiciel de présentations Microsoft Office Powerpoint. L'une d'elles concerne la bibliothèque mso.dll utilisée par la suite Office.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Powerpoint 2000 dans Office 2000 Service Pack 3 ;
Microsoft Powerpoint 2002 dans Office XP Service Pack 3 ;
Microsoft Powerpoint 2003 dans Office 2003 (Service Pack 1 ou 2) ;
Microsoft Powerpoint 2004 dans Office 2004 pour Mac ;
Microsoft Powerpoint v.X dans Office v.X pour Mac.

La visionneuse Microsoft Powerpoint 2003 n'est pas affectée par ces vulnérabilités, ainsi que les produits de Microsoft Works Suite.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-048 du 08 août 2006	None	vendor-advisory
Référence à l'alerte CERTA CERTA-ALE-2006-009 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cUL\u003e    \u003cLI\u003eMicrosoft Powerpoint 2000 dans Office 2000 Service Pack 3    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint 2002 dans Office XP Service Pack 3    ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint 2003 dans Office 2003 (Service Pack 1    ou 2) ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint 2004 dans Office 2004 pour Mac ;\u003c/LI\u003e    \u003cLI\u003eMicrosoft Powerpoint v.X dans Office v.X pour Mac.\u003c/LI\u003e  \u003c/UL\u003e  \u003cP\u003eLa visionneuse Microsoft Powerpoint 2003 n\u0027est pas affect\u00e9e  par ces vuln\u00e9rabilit\u00e9s, ainsi que les produits de Microsoft Works  Suite.\u003c/P\u003e",
  "content": "## Description\n\nCet avis fait suite \u00e0 la mise \u00e0 jour de l\u0027alerte CERTA-2006-ALE-009-002.\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le logiciel de\npr\u00e9sentations Microsoft Office Powerpoint. L\u0027une d\u0027elles concerne la\nbiblioth\u00e8que mso.dll utilis\u00e9e par la suite Office.\n\nPour exploiter celles-ci, un utilisateur malveillant doit construire un\ndocument Powerpoint particulier, puis le distribuer (par courrier\n\u00e9lectronique, par lien dans une page Web, etc). Si un utilisateur\nl\u0027ouvre sur un syst\u00e8me vuln\u00e9rable, il est alors possible d\u0027ex\u00e9cuter des\ncommandes arbitraires avec les droits de ce dernier.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-3449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3449"
    },
    {
      "name": "CVE-2006-3590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3590"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence \u00e0 l\u0027alerte CERTA CERTA-ALE-2006-009 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ALE-009/"
    }
  ],
  "reference": "CERTA-2006-AVI-346",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-08-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Microsoft Office\nPowerpoint. Une personne malveillante peut construire des documents\nPowerpoint exploitant l\u0027une d\u0027elles afin d\u0027ex\u00e9cuter des commandes\narbitraires lorsqu\u0027ils seront ouverts sur le syst\u00e8me ayant une version\nvuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office, dont Powerpoint",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-048 du 08 ao\u00fbt 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-048.mspx"
    }
  ]
}

FKIE_CVE-2006-3449

Vulnerability from fkie_nvd - Published: 2006-08-09 00:04 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://securityreason.com/securityalert/1342	Third Party Advisory
secure@microsoft.com	http://securitytracker.com/id?1016657	Third Party Advisory, VDB Entry
secure@microsoft.com	http://secway.org/advisory/AD20060808.txt	Not Applicable
secure@microsoft.com	http://www.kb.cert.org/vuls/id/884252	Patch, Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.securityfocus.com/archive/1/442592/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/19341	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch, Third Party Advisory, US Government Resource
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1342	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016657	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://secway.org/advisory/AD20060808.txt	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/884252	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/442592/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19341	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	powerpoint	2000
microsoft	powerpoint	2000
microsoft	powerpoint	2000
microsoft	powerpoint	2000
microsoft	powerpoint	2000
microsoft	powerpoint	2000
microsoft	powerpoint	2000
microsoft	powerpoint	2001
microsoft	powerpoint	2002
microsoft	powerpoint	2002
microsoft	powerpoint	2002
microsoft	powerpoint	2002
microsoft	powerpoint	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:ja:*:*:*:*",
              "matchCriteriaId": "FF8DA1F4-51F5-4701-BA23-6A77057DD420",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:ko:*:*:*:*",
              "matchCriteriaId": "FB88D5F8-4D7A-4D77-9F05-4910405E0A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*",
              "matchCriteriaId": "C8CCDE97-AE42-4BB8-9947-5BBD81DA6CA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "0D64E16F-0E13-4679-A68D-66866A77149F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "16844C40-F012-4C19-9028-D05014EBF7D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "5843C1AA-953B-4CC1-9B1B-AF9969BB1A59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2001:*:*:*:*:mac_os:*:*",
              "matchCriteriaId": "88499AA7-D0AD-4914-8B24-153EEED8DF7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "054BA29C-3320-475D-95AE-996BAA04D464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "B3DC15E7-F1C3-42D0-AE3E-DDF6300FCD7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "34C63AE5-4584-4A51-B20D-36FA6DE01C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft PowerPoint 2000 hasta 2003, posiblemenet un desbordamiento de b\u00fafer, permite a atacantes remotos con intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n mediante un registro mal formado en el formato de archivo BIFF utilizado en un archivo PPT, un problema distinto de CVE-2006-1540, tambi\u00e9n conocido como \"Vulnerabilidad de Registro Mal Formado de Microsoft PowerPoint\" (\"Microsoft PowerPoint Malformed Record Vulnerability\")."
    }
  ],
  "id": "CVE-2006-3449",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-09T00:04:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/1342"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016657"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secway.org/advisory/AD20060808.txt"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/884252"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/19341"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/1342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1016657"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://secway.org/advisory/AD20060808.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/884252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/19341"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2006-3449

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3449

Aliases

CVE-2006-3449

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3449",
    "description": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\"",
    "id": "GSD-2006-3449"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3449"
      ],
      "details": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\"",
      "id": "GSD-2006-3449",
      "modified": "2023-12-13T01:19:57.494828Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-3449",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1342",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1342"
          },
          {
            "name": "MS06-048",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
          },
          {
            "name": "19341",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19341"
          },
          {
            "name": "VU#884252",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/884252"
          },
          {
            "name": "http://secway.org/advisory/AD20060808.txt",
            "refsource": "MISC",
            "url": "http://secway.org/advisory/AD20060808.txt"
          },
          {
            "name": "1016657",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016657"
          },
          {
            "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
          },
          {
            "name": "TA06-220A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:348",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2001:*:*:*:*:mac_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:ko:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:ja:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3449"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "VU#884252",
              "refsource": "CERT-VN",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/884252"
            },
            {
              "name": "http://secway.org/advisory/AD20060808.txt",
              "refsource": "MISC",
              "tags": [
                "Not Applicable"
              ],
              "url": "http://secway.org/advisory/AD20060808.txt"
            },
            {
              "name": "19341",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/19341"
            },
            {
              "name": "1016657",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1016657"
            },
            {
              "name": "1342",
              "refsource": "SREASON",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://securityreason.com/securityalert/1342"
            },
            {
              "name": "oval:org.mitre.oval:def:348",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
            },
            {
              "name": "MS06-048",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
            },
            {
              "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:47Z",
      "publishedDate": "2006-08-09T00:04Z"
    }
  }
}

GHSA-46J2-PH3P-G234

Vulnerability from github – Published: 2022-05-01 07:09 – Updated: 2022-05-01 07:09

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3449"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-08-09T00:04:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\"",
  "id": "GHSA-46j2-ph3p-g234",
  "modified": "2022-05-01T07:09:14Z",
  "published": "2022-05-01T07:09:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3449"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1342"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016657"
    },
    {
      "type": "WEB",
      "url": "http://secway.org/advisory/AD20060808.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/884252"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19341"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3449 (GCVE-0-2006-3449)

CERTA-2006-AVI-346

Description

Solution

CERTA-2006-AVI-346

Description

Solution

FKIE_CVE-2006-3449

GSD-2006-3449

GHSA-46J2-PH3P-G234

Tags

Sightings

Nomenclature