Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-ALE-009
Vulnerability from certfr_alerte - Published: - Updated:
Une vulnérabilité non corrigée dans une librairie de Microsoft Office permettrait à un utilisateur mal intentionné d'exécuter du code arbitraire ou de provoquer un déni de service à distance. Un code en circulation exploite cette vulnérabilité par le biais de documents Powerpoint.
Description
Les fonctions mso (Microsoft Office) sont des fonctions spéciales disponibles dans la librairie mso.dll d'Office. Elles s'occupent par exemple des affichages de bulles, des barres de menu, des boîtes de dialogue, etc. Ces fonctions sont appelées par plusieurs applications de Microsoft Office, notamment Word ou Powerpoint.
Une vulnérabilité a été identifiée dans la librairie mso.dll. Elle fait l'objet d'une utilisation par du code malveillant sur l'Internet. Elle est exploitée par le biais d'un document Powerpoint.
Powerpoint serait également impacté par deux autres vulnérabilités. Cette information n'est pas confirmée pour le moment.
Contournement provisoire
5.1 Utiliser les visionneuses Office dans la mesure du possible
La visionneuse de documents Powerpoint ne serait pas affectée par les vulnérabilités précédentes.
5.2 Mettre à jour la base de signatures d'antivirus
Certains éditeurs d'antivirus proposent déjà des mises à jour de signatures prenant en compte le code malveillant sous sa forme actuelle. Il est cependant probable que des variantes apparaissent afin de contourner ces signatures.
5.3 Filter les pièces jointes au niveau de la passerelle de la messagerie
Les passerelles de messagerie offrent le plus souvent la possibilité de filtrer les documents en pièce jointe. Dans les cas les plus simples, elles se basent sur l'extension du nom du fichier. Dans la mesure du possible, il est conseillé de filtrer les extensions .ppt venant de domaines externes.
5.4 Ouvrir les documents provenant de sources de confiance
A la réception d'un document Office (au format .ppt compte tenu du code malveillant actuel), soit par le biais de la messagerie électronique ou sur tout autre support, il est nécessaire de s'assurer de la provenance de ce fichier et de ne l'ouvrir que si la source est de confiance.
Solution
Appliquer le correctif MS06-048 de l'éditeur Microsoft (Cf. section documentation).
- Microsoft Powerpoint dans Microsoft Office XP ;
- Microsoft Powerpoint 2002 dans Microsoft Office 2003 ;
- Microsoft Powerpoint 2003 dans 0ffice 2000 ;
- Microsoft Powerpoint dans Office 2004 pour MacOS.
Microsoft Office concerne une suite d'applications, incluant Excel, FrontPage, Outlook, Powerpoint, Publisher et Word.
La visionneuse de documents Powerpoint (Microsoft Powerpoint Viewer) ne serait pas affectée par cette vulnérabilité.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cUL\u003e \u003cLI\u003eMicrosoft Powerpoint dans Microsoft Office XP ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Powerpoint 2002 dans Microsoft Office 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Powerpoint 2003 dans 0ffice 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Powerpoint dans Office 2004 pour MacOS.\u003c/LI\u003e \u003c/UL\u003e \u003cP\u003eMicrosoft Office concerne une suite d\u0027applications, incluant Excel, FrontPage, Outlook, Powerpoint, Publisher et Word.\u003c/P\u003e \u003cP\u003eLa visionneuse de documents Powerpoint (\u003cTT\u003eMicrosoft Powerpoint Viewer\u003c/TT\u003e) ne serait pas affect\u00e9e par cette vuln\u00e9rabilit\u00e9.\u003c/P\u003e",
"closed_at": "2006-08-09",
"content": "## Description\n\nLes fonctions mso (Microsoft Office) sont des fonctions sp\u00e9ciales\ndisponibles dans la librairie mso.dll d\u0027Office. Elles s\u0027occupent par\nexemple des affichages de bulles, des barres de menu, des bo\u00eetes de\ndialogue, etc. Ces fonctions sont appel\u00e9es par plusieurs applications de\nMicrosoft Office, notamment Word ou Powerpoint.\n\nUne vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 identifi\u00e9e dans la librairie mso.dll. Elle fait\nl\u0027objet d\u0027une utilisation par du code malveillant sur l\u0027Internet. Elle\nest exploit\u00e9e par le biais d\u0027un document Powerpoint.\n\nPowerpoint serait \u00e9galement impact\u00e9 par deux autres vuln\u00e9rabilit\u00e9s.\nCette information n\u0027est pas confirm\u00e9e pour le moment.\n\n## Contournement provisoire\n\n## 5.1 Utiliser les visionneuses Office dans la mesure du possible\n\nLa visionneuse de documents Powerpoint ne serait pas affect\u00e9e par les\nvuln\u00e9rabilit\u00e9s pr\u00e9c\u00e9dentes.\n\n## 5.2 Mettre \u00e0 jour la base de signatures d\u0027antivirus\n\nCertains \u00e9diteurs d\u0027antivirus proposent d\u00e9j\u00e0 des mises \u00e0 jour de\nsignatures prenant en compte le code malveillant sous sa forme actuelle.\nIl est cependant probable que des variantes apparaissent afin de\ncontourner ces signatures.\n\n## 5.3 Filter les pi\u00e8ces jointes au niveau de la passerelle de la messagerie\n\nLes passerelles de messagerie offrent le plus souvent la possibilit\u00e9 de\nfiltrer les documents en pi\u00e8ce jointe. Dans les cas les plus simples,\nelles se basent sur l\u0027extension du nom du fichier. Dans la mesure du\npossible, il est conseill\u00e9 de filtrer les extensions .ppt venant de\ndomaines externes.\n\n## 5.4 Ouvrir les documents provenant de sources de confiance\n\nA la r\u00e9ception d\u0027un document Office (au format .ppt compte tenu du code\nmalveillant actuel), soit par le biais de la messagerie \u00e9lectronique ou\nsur tout autre support, il est n\u00e9cessaire de s\u0027assurer de la provenance\nde ce fichier et de ne l\u0027ouvrir que si la source est de confiance.\n\n## Solution\n\nAppliquer le correctif MS06-048 de l\u0027\u00e9diteur Microsoft (Cf. section\ndocumentation).\n",
"cves": [
{
"name": "CVE-2006-3656",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3656"
},
{
"name": "CVE-2006-3590",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3590"
},
{
"name": "CVE-2006-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3655"
},
{
"name": "CVE-2006-3660",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3660"
},
{
"name": "CVE-2006-3493",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3493"
}
],
"links": [
{
"title": "T\u00e9l\u00e9chargement de la visionneuse Microsoft Powerpoint :",
"url": "http://www.microsoft.com/downloads/Products.aspx?displaylang=fr"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-048 du 08 ao\u00fbt 2006 :",
"url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-046.mspx"
},
{
"title": "Avis CERTA CERTA-2006-AVI-346 du 09 ao\u00fbt 2006 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-346/"
},
{
"title": "Memento du CERTA sur les virus informatiques :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2005-MEM-001.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-048 du 08 ao\u00fbt 2006 :",
"url": "http://www.microsoft.com/technet/security/Bulletin/MS06-048.mspx"
}
],
"reference": "CERTA-2006-ALE-009",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-07-15T00:00:00.000000"
},
{
"description": "ajout de r\u00e9f\u00e9rences.",
"revision_date": "2006-07-18T00:00:00.000000"
},
{
"description": "ajout du correctif MS06-048 de Microsoft et de l\u0027avis CERTA-2006-AVI-346.",
"revision_date": "2006-08-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 non corrig\u00e9e dans une librairie de Microsoft Office\npermettrait \u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire ou de provoquer un d\u00e9ni de service \u00e0 distance. Un code en\ncirculation exploite cette vuln\u00e9rabilit\u00e9 par le biais de documents\nPowerpoint.\n",
"title": "Vuln\u00e9rabilit\u00e9 de la librairie MSO.DLL dans Microsoft Office",
"vendor_advisories": []
}
CVE-2006-3590 (GCVE-0-2006-3590)
Vulnerability from cvelistv5 – Published: 2006-07-14 18:00 – Updated: 2024-08-07 18:30
VLAI?
EPSS
Summary
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:34.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-048",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
},
{
"name": "21040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21040"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.php?storyid=1484"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.securiteam.com/?p=508"
},
{
"name": "20060718 New PowerPoint Trojan installs itself as LSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"
},
{
"name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "ADV-2006-2795",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2795"
},
{
"name": "1016496",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016496"
},
{
"name": "VU#936945",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936945"
},
{
"name": "27324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27324"
},
{
"name": "powerpoint-mso-code-execution(27740)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"
},
{
"name": "18957",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18957"
},
{
"name": "oval:org.mitre.oval:def:399",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MS06-048",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
},
{
"name": "21040",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21040"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.php?storyid=1484"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.securiteam.com/?p=508"
},
{
"name": "20060718 New PowerPoint Trojan installs itself as LSP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"
},
{
"name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"
},
{
"name": "TA06-220A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "ADV-2006-2795",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2795"
},
{
"name": "1016496",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016496"
},
{
"name": "VU#936945",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936945"
},
{
"name": "27324",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27324"
},
{
"name": "powerpoint-mso-code-execution(27740)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"
},
{
"name": "18957",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18957"
},
{
"name": "oval:org.mitre.oval:def:399",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-048",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
},
{
"name": "21040",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21040"
},
{
"name": "http://isc.sans.org/diary.php?storyid=1484",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.php?storyid=1484"
},
{
"name": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html",
"refsource": "MISC",
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"
},
{
"name": "http://blogs.securiteam.com/?p=508",
"refsource": "MISC",
"url": "http://blogs.securiteam.com/?p=508"
},
{
"name": "20060718 New PowerPoint Trojan installs itself as LSP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"
},
{
"name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"
},
{
"name": "TA06-220A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
},
{
"name": "ADV-2006-2795",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2795"
},
{
"name": "1016496",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016496"
},
{
"name": "VU#936945",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936945"
},
{
"name": "27324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27324"
},
{
"name": "powerpoint-mso-code-execution(27740)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"
},
{
"name": "18957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18957"
},
{
"name": "oval:org.mitre.oval:def:399",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3590",
"datePublished": "2006-07-14T18:00:00",
"dateReserved": "2006-07-14T00:00:00",
"dateUpdated": "2024-08-07T18:30:34.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3660 (GCVE-0-2006-3660)
Vulnerability from cvelistv5 – Published: 2006-07-17 19:00 – Updated: 2024-08-07 18:39
VLAI?
EPSS
Summary
Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060715 MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440106/30/30/threaded"
},
{
"name": "21061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "powerpoint-powerpnt-unspecified(27783)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27783"
},
{
"name": "ADV-2006-2815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "18993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20060715 MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440106/30/30/threaded"
},
{
"name": "21061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "powerpoint-powerpnt-unspecified(27783)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27783"
},
{
"name": "ADV-2006-2815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "18993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060715 MS Power Point Multiple Vulnerabilities (powerpnt.exe)- POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440106/30/30/threaded"
},
{
"name": "21061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "powerpoint-powerpnt-unspecified(27783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27783"
},
{
"name": "ADV-2006-2815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "18993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3660",
"datePublished": "2006-07-17T19:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3656 (GCVE-0-2006-3656)
Vulnerability from cvelistv5 – Published: 2006-07-17 19:00 – Updated: 2024-08-07 18:39
VLAI?
EPSS
Summary
Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:54.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "powerpoint-unspecified-memory-corruption(27782)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27782"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt"
},
{
"name": "19229",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19229"
},
{
"name": "ADV-2006-2815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "20060715 MS Power Point Multiple Vulnerabilities - (memory corruption) POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440108/100/0/threaded"
},
{
"name": "18993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18993"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "powerpoint-unspecified-memory-corruption(27782)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27782"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt"
},
{
"name": "19229",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19229"
},
{
"name": "ADV-2006-2815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "20060715 MS Power Point Multiple Vulnerabilities - (memory corruption) POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440108/100/0/threaded"
},
{
"name": "18993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18993"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "powerpoint-unspecified-memory-corruption(27782)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27782"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt"
},
{
"name": "19229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19229"
},
{
"name": "ADV-2006-2815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "20060715 MS Power Point Multiple Vulnerabilities - (memory corruption) POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440108/100/0/threaded"
},
{
"name": "18993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18993"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3656",
"datePublished": "2006-07-17T19:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:54.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3493 (GCVE-0-2006-3493)
Vulnerability from cvelistv5 – Published: 2006-07-10 22:00 – Updated: 2024-08-07 18:30
VLAI?
EPSS
Summary
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.996Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18905",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18905"
},
{
"name": "20060710 MS Word Unchecked Boundary Condition Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439649/100/0/threaded"
},
{
"name": "1016453",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016453"
},
{
"name": "20060707 MS Word Unchecked Boundary Condition Vulnerability - POC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html"
},
{
"name": "ADV-2006-2720",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2720"
},
{
"name": "20060707 MS Word Unchecked Boundary Condition",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115231380526820\u0026w=2"
},
{
"name": "20060711 Fuzzing Microsoft Office",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115261598510657\u0026w=2"
},
{
"name": "office-lscreateline-dos(27617)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27617"
},
{
"name": "20060711 Fuzzing Microsoft Office",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439878/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "18905",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18905"
},
{
"name": "20060710 MS Word Unchecked Boundary Condition Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439649/100/0/threaded"
},
{
"name": "1016453",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016453"
},
{
"name": "20060707 MS Word Unchecked Boundary Condition Vulnerability - POC",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html"
},
{
"name": "ADV-2006-2720",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2720"
},
{
"name": "20060707 MS Word Unchecked Boundary Condition",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115231380526820\u0026w=2"
},
{
"name": "20060711 Fuzzing Microsoft Office",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=115261598510657\u0026w=2"
},
{
"name": "office-lscreateline-dos(27617)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27617"
},
{
"name": "20060711 Fuzzing Microsoft Office",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439878/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3493",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18905"
},
{
"name": "20060710 MS Word Unchecked Boundary Condition Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439649/100/0/threaded"
},
{
"name": "1016453",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016453"
},
{
"name": "20060707 MS Word Unchecked Boundary Condition Vulnerability - POC",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047732.html"
},
{
"name": "ADV-2006-2720",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2720"
},
{
"name": "20060707 MS Word Unchecked Boundary Condition",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115231380526820\u0026w=2"
},
{
"name": "20060711 Fuzzing Microsoft Office",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=115261598510657\u0026w=2"
},
{
"name": "office-lscreateline-dos(27617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27617"
},
{
"name": "20060711 Fuzzing Microsoft Office",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439878/100/0/threaded"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx",
"refsource": "MISC",
"url": "http://blogs.technet.com/msrc/archive/2006/07/10/441006.aspx"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3493",
"datePublished": "2006-07-10T22:00:00",
"dateReserved": "2006-07-10T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.996Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3655 (GCVE-0-2006-3655)
Vulnerability from cvelistv5 – Published: 2006-07-17 19:00 – Updated: 2024-08-07 18:39
VLAI?
EPSS
Summary
Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "27325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/27325"
},
{
"name": "ADV-2006-2815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "18993",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18993"
},
{
"name": "20060715 MS Power Point Multiple Vulnerabilities - (mso.dll) POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440107/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21061",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "27325",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/27325"
},
{
"name": "ADV-2006-2815",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "18993",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18993"
},
{
"name": "20060715 MS Power Point Multiple Vulnerabilities - (mso.dll) POC",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440107/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21061"
},
{
"name": "20060718 About the latest three Powerpoint vulnerabilities: exploitable?",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440370/100/0/threaded"
},
{
"name": "27325",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/27325"
},
{
"name": "ADV-2006-2815",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2815"
},
{
"name": "powerpoint-mso-code-execution2(27781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"
},
{
"name": "20060717 New CVE identifiers for separate PowerPoint 0-day issues assigned",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440867/100/0/threaded"
},
{
"name": "18993",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18993"
},
{
"name": "20060715 MS Power Point Multiple Vulnerabilities - (mso.dll) POC",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440107/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3655",
"datePublished": "2006-07-17T19:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…