Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2006-3435
HistoryOct 10, 2006 - 9:07 p.m.

CVE-2006-3435

2006-10-1021:07:00
CWE-94
[email protected]
web.nvd.nist.gov
7

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.794

Percentile

98.3%

JSON

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.

Affected configurations

Nvd
Node
microsoftofficeMatch2000
OR
microsoftofficeMatch2000sp1
OR
microsoftofficeMatch2000sp2
OR
microsoftofficeMatch2000sp3
OR
microsoftofficeMatch2003
OR
microsoftofficeMatch2003sp1
OR
microsoftofficeMatch2003sp2
OR
microsoftofficeMatch2003sp3
OR
microsoftofficeMatch2004mac
OR
microsoftofficeMatchv.x
OR
microsoftofficeMatchxp
OR
microsoftofficeMatchxpsp1
OR
microsoftofficeMatchxpsp2
OR
microsoftofficeMatchxpsp3
VendorProductVersionCPE
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*
microsoftoffice2000cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
microsoftoffice2003cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*
microsoftoffice2004cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
microsoftofficev.xcpe:2.3:a:microsoft:office:v.x:*:*:*:*:*:*:*
Rows per page:
1-10 of 141

Related

cvelist 6
cve 6
nvd 5
securityvulns 3
nessus 2
checkpoint_advisories 2
saint 4
cert 2
zdi 1
prion 1
cvelist
cvelist
CVE-2006-3435
2006-10-10 21:00:00
CVE-2006-3876
2006-10-10 21:00:00
CVE-2006-3877
2006-10-10 22:00:00
cve
cve
CVE-2006-3435
2006-10-10 21:07:00
CVE-2006-3876
2006-10-10 21:07:00
CVE-2006-3877
2006-10-10 22:07:00
nvd
nvd
CVE-2006-3876
2006-10-10 21:07:00
CVE-2006-3877
2006-10-10 22:07:00
CVE-2006-5296
2006-10-16 19:07:00
securityvulns
securityvulns
Microsoft Security Bulletin MS06-058 Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
2006-10-11 00:00:00
Microsoft Security Advisory (925984) Vulnerability in PowerPoint Could Allow Remote Code Execution
2006-09-28 00:00:00
ZDI-06-032: Microsoft Office PowerPoint Malformed Slide Notes Rebuilding Vulnerability
2006-10-11 00:00:00
nessus
nessus
MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
2006-10-10 00:00:00
MS06-058 / MS06-059 / MS06-0060 / MS06-062: Vulnerabilities in Microsoft Office Allow Remote Code Execution (924163 / 924164 / 924554 / 922581) (Mac OS X)
2006-10-11 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft PowerPoint Malformed Record Code Execution (MS06-058) - ver 2 (CVE-2006-4694)
2015-03-22 00:00:00
Microsoft PowerPoint Malformed Record Code Execution (MS06-058; CVE-2006-4694)
2015-03-29 00:00:00
saint
saint
Microsoft PowerPoint NamedShows record code execution
2006-10-12 00:00:00
Microsoft PowerPoint NamedShows record code execution
2006-10-12 00:00:00
Microsoft PowerPoint NamedShows record code execution
2006-10-12 00:00:00
cert
cert
Microsoft PowerPoint fails to properly handle malformed records
2006-09-27 00:00:00
Microsoft PowerPoint fails to properly handle malformed object pointers
2006-10-10 00:00:00
zdi
zdi
Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability
2006-10-10 00:00:00
prion
prion
Design/Logic Flaw
2007-02-14 01:28:00

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

Low

EPSS

0.794

Percentile

98.3%

JSON
Related for NVD:CVE-2006-3435
cvelist6cve6nvd5securityvulns3nessus2checkpoint_advisories2saint4cert2zdi1prion1