CVE-2006-0009

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html
http://blogs.securiteam.com/?author=28
http://blogs.securiteam.com/?p=557
http://blogs.securiteam.com/?p=559
http://isc.sans.org/diary.php?storyid=1618
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html
http://secunia.com/advisories/19138	Patch Vendor Advisory
http://secunia.com/advisories/19238
http://securitytracker.com/id?1015766	Patch
http://securitytracker.com/id?1016720
http://securitytracker.com/id?1016886
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
http://www.darkreading.com/document.asp?doc_id=101970
http://www.kb.cert.org/vuls/id/682820	Third Party Advisory US Government Resource
http://www.osvdb.org/23903
http://www.securityfocus.com/archive/1/427671/100/0/threaded
http://www.securityfocus.com/archive/1/432004/30/5340/threaded
http://www.securityfocus.com/archive/1/443890/100/0/threaded
http://www.securityfocus.com/archive/1/444051/100/200/threaded
http://www.securityfocus.com/archive/1/446370/100/0/threaded
http://www.securityfocus.com/archive/1/446425/100/0/threaded
http://www.securityfocus.com/bid/17000	Patch
http://www.securityfocus.com/bid/20059
http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH
http://www.us-cert.gov/cas/techalerts/TA06-073A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/0950
http://www.vupen.com/english/advisories/2006/3678
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
https://exchange.xforce.ibmcloud.com/vulnerabilities/25009
https://exchange.xforce.ibmcloud.com/vulnerabilities/29009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A798
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html
http://blogs.securiteam.com/?author=28
http://blogs.securiteam.com/?p=557
http://blogs.securiteam.com/?p=559
http://isc.sans.org/diary.php?storyid=1618
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html
http://secunia.com/advisories/19138	Patch Vendor Advisory
http://secunia.com/advisories/19238
http://securitytracker.com/id?1015766	Patch
http://securitytracker.com/id?1016720
http://securitytracker.com/id?1016886
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
http://www.darkreading.com/document.asp?doc_id=101970
http://www.kb.cert.org/vuls/id/682820	Third Party Advisory US Government Resource
http://www.osvdb.org/23903
http://www.securityfocus.com/archive/1/427671/100/0/threaded
http://www.securityfocus.com/archive/1/432004/30/5340/threaded
http://www.securityfocus.com/archive/1/443890/100/0/threaded
http://www.securityfocus.com/archive/1/444051/100/200/threaded
http://www.securityfocus.com/archive/1/446370/100/0/threaded
http://www.securityfocus.com/archive/1/446425/100/0/threaded
http://www.securityfocus.com/bid/17000	Patch
http://www.securityfocus.com/bid/20059
http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH
http://www.us-cert.gov/cas/techalerts/TA06-073A.html	Third Party Advisory US Government Resource
http://www.vupen.com/english/advisories/2006/0950
http://www.vupen.com/english/advisories/2006/3678
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
https://exchange.xforce.ibmcloud.com/vulnerabilities/25009
https://exchange.xforce.ibmcloud.com/vulnerabilities/29009
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1553
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1653
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A798

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:office:2000:sp3::::::
	cpe:2.3:a:microsoft:office:2003:sp1::::::
	cpe:2.3:a:microsoft:office:2003:sp2::::::
	cpe:2.3:a:microsoft:office:2004::mac:::::
	cpe:2.3:a:microsoft:office:v.x::mac:::::
	cpe:2.3:a:microsoft:office:xp:sp3::::::
	cpe:2.3:a:microsoft:works:2000:::::::*
	cpe:2.3:a:microsoft:works:2001:::::::*
	cpe:2.3:a:microsoft:works:2002:::::::*
	cpe:2.3:a:microsoft:works:2003:::::::*
	cpe:2.3:a:microsoft:works:2004:::::::*
	cpe:2.3:a:microsoft:works:2005:::::::*
	cpe:2.3:a:microsoft:works:2006:::::::*

History

21 Nov 2024, 00:05

Information

Published : 2006-03-14 23:02

Updated : 2025-04-03 01:03

NVD link : CVE-2006-0009

Mitre link : CVE-2006-0009

CVE.ORG link : CVE-2006-0009

JSON object : View

Products Affected

microsoft

office
works

CWE

NVD-CWE-Other

{"id": "CVE-2006-0009", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": true}]}, "published": "2006-03-14T23:02:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html", "source": "secure@microsoft.com"}, {"url": "http://blogs.securiteam.com/?author=28", "source": "secure@microsoft.com"}, {"url": "http://blogs.securiteam.com/?p=557", "source": "secure@microsoft.com"}, {"url": "http://blogs.securiteam.com/?p=559", "source": "secure@microsoft.com"}, {"url": "http://isc.sans.org/diary.php?storyid=1618", "source": "secure@microsoft.com"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html", "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/19138", "tags": ["Patch", "Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "http://secunia.com/advisories/19238", "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1015766", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1016720", "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1016886", "source": "secure@microsoft.com"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", "source": "secure@microsoft.com"}, {"url": "http://www.darkreading.com/document.asp?doc_id=101970", "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/682820", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.osvdb.org/23903", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/427671/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/432004/30/5340/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/443890/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/444051/100/200/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/446370/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/446425/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/17000", "tags": ["Patch"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/20059", "source": "secure@microsoft.com"}, {"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt", "source": "secure@microsoft.com"}, {"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99", "source": "secure@microsoft.com"}, {"url": "http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH", "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-073A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/0950", "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/3678", "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25009", "source": "secure@microsoft.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29009", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1504", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1553", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1653", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A798", "source": "secure@microsoft.com"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://blogs.securiteam.com/?author=28", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://blogs.securiteam.com/?p=557", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://blogs.securiteam.com/?p=559", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://isc.sans.org/diary.php?storyid=1618", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/19138", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/19238", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015766", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016720", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1016886", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.darkreading.com/document.asp?doc_id=101970", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/682820", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/23903", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/427671/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/432004/30/5340/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/443890/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/444051/100/200/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/446370/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/446425/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/17000", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/20059", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-073A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0950", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/3678", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25009", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29009", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1504", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1553", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1653", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A798", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89"}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4"}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9409A9BD-1E9B-49B8-884F-8FE569D8AA25"}, {"criteria": "cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A57804E-CD79-4431-AA97-0F85C2CE20C1"}, {"criteria": "cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79BA1175-7F02-4435-AEA6-1BA8AADEB7EF"}, {"criteria": "cpe:2.3:a:microsoft:works:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78389936-D2E5-4A3A-8E7A-AA42FFAD832B"}, {"criteria": "cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4ADD440-2CF5-4BC9-8C48-91CF8D5500BD"}, {"criteria": "cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17037BD9-742D-42E2-98CC-C764E6F71957"}, {"criteria": "cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B77363A-53A3-4CFC-87E0-B7D33445ACEF"}, {"criteria": "cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F98B6FDD-E9AA-49A4-8D9C-422DF5520A66"}, {"criteria": "cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB8E7A05-97EE-40A4-A410-B2DE582AA381"}, {"criteria": "cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C180D46-EEFE-416B-AB4D-A7EF0B749105"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}

5.1 /10