#VU1178 Memory corruption in Microsoft products - CVE-2006-3590
Published: November 15, 2016 / Updated: December 5, 2016
Vulnerability identifier: #VU1178
Vulnerability risk: Critical
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2006-3590
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft PowerPoint for macOS
Microsoft Office
Microsoft Office for macOS
Microsoft PowerPoint for macOS
Microsoft Office
Microsoft Office for macOS
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to memory corruption in mso.dll. By persuading the victim to open a specially crafted PPT file, containing a malformed shape container, a remote attacker can execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in complete compromise of vulnerable system.
Note: this vulnerability was being actively exploited.
The weakness is due to memory corruption in mso.dll. By persuading the victim to open a specially crafted PPT file, containing a malformed shape container, a remote attacker can execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in complete compromise of vulnerable system.
Note: this vulnerability was being actively exploited.
Remediation
Microsoft PowerPoint 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=B7B5615B-7C20-4C49-892F-7F4CCC2D6006
Microsoft PowerPoint 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA
Microsoft PowerPoint 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081
PowerPoint 2004 for Mac - https://www.microsoft.com/mac
PowerPoint v. X for Mac - https://www.microsoft.com/mac
Microsoft PowerPoint 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=A9C7E43B-A0A6-4C81-87ED-3F4DED78EAEA
Microsoft PowerPoint 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=DE1CB2A7-5D4C-44B8-BC40-7E0A88CC3081
PowerPoint 2004 for Mac - https://www.microsoft.com/mac
PowerPoint v. X for Mac - https://www.microsoft.com/mac