Multiple vulnerabilities in Microsoft PowerPoint
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2006-3877 CVE-2006-3876 CVE-2006-3435 |
| CWE-ID | CWE-119 CWE-476 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Microsoft PowerPoint for Mac Client/Desktop applications / Office applications Microsoft Office Client/Desktop applications / Office applications Microsoft Office for Mac Client/Desktop applications / Office applications |
| Vendor |
Microsoft |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
This security bulletin describes 3 remote code execution vulnerabilities in Microsoft PowerPoint.
1) Memory corruption
EUVDB-ID: #VU1218
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3877
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when parsing malformed data records within the PowerPoint file. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability was incorrectly patched in MS06-058. In February Microsoft released another bulletin MS07-015 to address this vulnerability again.Mitigation
Install the following patches:
Microsoft Office 2000 Service Pack 3 — Download the update (KB 929062)
Microsoft Office XP Service Pack 3 — Download the update (KB929063)
Microsoft Office 2003 Service Pack 2 — Download the update (KB929064)
Microsoft Office 2004 for Mac — Download the update (KB932185)
Vulnerable software versions
: 2000 - 2003
Microsoft PowerPoint for Mac: v.X
Microsoft Office: 2000 Service Pack 3 - XP
Microsoft Office for Mac: 2004
External linkshttp://technet.microsoft.com/en-us/library/security/ms06-058.aspx
http://technet.microsoft.com/library/security/ms07-015
http://www.kb.cert.org/vuls/id/205948
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU1217
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3876
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when parsing malformed data records within the PowerPoint presentation. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Mitigation
Install the following patches:
Microsoft Office 2000 Service Pack 3 — Download the update (KB923093)
Microsoft Office XP Service Pack 3 — Download the update (KB923092)
Microsoft Office 2003 Service Pack 1 or Service Pack 2 — Download the update (KB923091)
Microsoft PowerPoint 2004 for Mac - Download the update (KB924999)
Microsoft PowerPoint v. X for Mac - Download the update (KB924998)
Vulnerable software versions
: 2000 - 2003
Microsoft PowerPoint for Mac: v.X
Microsoft Office: 2000 Service Pack 3 - XP
Microsoft Office for Mac: 2004
External linkshttp://technet.microsoft.com/en-us/library/security/ms06-058.aspx
http://www.kb.cert.org/vuls/id/938196
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) NULL pointer dereference
EUVDB-ID: #VU1216
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2006-3435
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by NULL pointer dereference error when parsing of a malformed slide notes field within the PowerPoint presentation. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
MitigationInstall the following patch:
Microsoft Office 2003 Service Pack 1 or Service Pack 2 — Download the update (KB923091)
Vulnerable software versions: 2003
Microsoft Office: 2003
External linkshttp://technet.microsoft.com/en-us/library/security/ms06-058.aspx
http://www.zerodayinitiative.com/advisories/ZDI-06-032/
http://www.kb.cert.org/vuls/id/187028
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
