Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3435

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-3435
Last Modified 08 Apr 2011 12:00:00
Published 10 Oct 2006 05:07:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-3435

Summary

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office 2004

  • Microsoft Office V.x

  • Microsoft Office Xp


References

CERT-VN - VU#187028

MS - MS06-058

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-032.html

VUPEN - ADV-2006-3977

BID - 20304

HP - SSRT061264

HP - HPSBST02161

BUGTRAQ - 20061010 ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability

OSVDB - 29446

SECTRACK - 1017030

Related Patches

MS06-058 924163 MS06-059 924164 MS06-060 924554 MS06-062 922581 924999 Microsoft Office 2004 Update 11.3.0 (Rev 6)


Last Updated: 27 May 2016 10:43:00