Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2006-3877 CVE-2006-3876 CVE-2006-3435 |
CWE-ID | CWE-119 CWE-476 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software |
Other Microsoft PowerPoint for Mac Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications |
Vendor |
Microsoft |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
This security bulletin describes 3 remote code execution vulnerabilities in Microsoft PowerPoint.
EUVDB-ID: #VU1218
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3877
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when parsing malformed data records within the PowerPoint file. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability was incorrectly patched in MS06-058. In February Microsoft released another bulletin MS07-015 to address this vulnerability again.Install the following patches:
Microsoft Office 2000 Service Pack 3 — Download the update (KB 929062)
Microsoft Office XP Service Pack 3 — Download the update (KB929063)
Microsoft Office 2003 Service Pack 2 — Download the update (KB929064)
Microsoft Office 2004 for Mac — Download the update (KB932185)
: 2000 - 2003
Microsoft PowerPoint for Mac: v.X
Microsoft Office: XP - 2003
Microsoft Office for Mac: 2004
CPE2.3http://technet.microsoft.com/en-us/library/security/ms06-058.aspx
http://technet.microsoft.com/library/security/ms07-015
http://www.kb.cert.org/vuls/id/205948
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1217
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3876
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when parsing malformed data records within the PowerPoint presentation. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Install the following patches:
Microsoft Office 2000 Service Pack 3 — Download the update (KB923093)
Microsoft Office XP Service Pack 3 — Download the update (KB923092)
Microsoft Office 2003 Service Pack 1 or Service Pack 2 — Download the update (KB923091)
Microsoft PowerPoint 2004 for Mac - Download the update (KB924999)
Microsoft PowerPoint v. X for Mac - Download the update (KB924998)
: 2000 - 2003
Microsoft PowerPoint for Mac: v.X
Microsoft Office: XP - 2003
Microsoft Office for Mac: 2004
CPE2.3http://technet.microsoft.com/en-us/library/security/ms06-058.aspx
http://www.kb.cert.org/vuls/id/938196
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1216
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3435
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by NULL pointer dereference error when parsing of a malformed slide notes field within the PowerPoint presentation. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the following patch:
Microsoft Office 2003 Service Pack 1 or Service Pack 2 — Download the update (KB923091)
Vulnerable software versions: 2003
Microsoft Office: 2003
CPE2.3 External linkshttp://technet.microsoft.com/en-us/library/security/ms06-058.aspx
http://www.zerodayinitiative.com/advisories/ZDI-06-032/
http://www.kb.cert.org/vuls/id/187028
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.