CVE-2006-3449

Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/securityalert/1342	Third Party Advisory
http://securitytracker.com/id?1016657	Third Party Advisory VDB Entry
http://secway.org/advisory/AD20060808.txt	Not Applicable
http://www.kb.cert.org/vuls/id/884252	Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/archive/1/442592/100/0/threaded
http://www.securityfocus.com/bid/19341	Third Party Advisory VDB Entry
http://www.us-cert.gov/cas/techalerts/TA06-220A.html	Patch Third Party Advisory US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:powerpoint:2000:::::::*
	cpe:2.3:a:microsoft:powerpoint:2000:::ja::::
	cpe:2.3:a:microsoft:powerpoint:2000:::ko::::
	cpe:2.3:a:microsoft:powerpoint:2000:::zh::::
	cpe:2.3:a:microsoft:powerpoint:2000:sp2::::::
	cpe:2.3:a:microsoft:powerpoint:2000:sp3::::::
	cpe:2.3:a:microsoft:powerpoint:2000:sr1::::::
	cpe:2.3:a:microsoft:powerpoint:2001:::::mac_os::
	cpe:2.3:a:microsoft:powerpoint:2002:::::::*
	cpe:2.3:a:microsoft:powerpoint:2002:sp1::::::
	cpe:2.3:a:microsoft:powerpoint:2002:sp2::::::
	cpe:2.3:a:microsoft:powerpoint:2002:sp3::::::
	cpe:2.3:a:microsoft:powerpoint:2003:::::::*

History

No history.

Information

Published : 2006-08-09 00:04

Updated : 2024-02-04 16:52

NVD link : CVE-2006-3449

Mitre link : CVE-2006-3449

CVE.ORG link : CVE-2006-3449

JSON object : View

Products Affected

microsoft

powerpoint

CWE

NVD-CWE-Other

{"id": "CVE-2006-3449", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-08-09T00:04:00.000", "references": [{"url": "http://securityreason.com/securityalert/1342", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}, {"url": "http://securitytracker.com/id?1016657", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://secway.org/advisory/AD20060808.txt", "tags": ["Not Applicable"], "source": "secure@microsoft.com"}, {"url": "http://www.kb.cert.org/vuls/id/884252", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/19341", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secure@microsoft.com"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html", "tags": ["Patch", "Third Party Advisory", "US Government Resource"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348", "tags": ["Third Party Advisory"], "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""}, {"lang": "es", "value": "Vulnerabilidad no especificada en Microsoft PowerPoint 2000 hasta 2003, posiblemenet un desbordamiento de b\u00fafer, permite a atacantes remotos con intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n mediante un registro mal formado en el formato de archivo BIFF utilizado en un archivo PPT, un problema distinto de CVE-2006-1540, tambi\u00e9n conocido como \"Vulnerabilidad de Registro Mal Formado de Microsoft PowerPoint\" (\"Microsoft PowerPoint Malformed Record Vulnerability\")."}], "lastModified": "2018-10-18T16:47:35.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:ja:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF8DA1F4-51F5-4701-BA23-6A77057DD420"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:ko:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB88D5F8-4D7A-4D77-9F05-4910405E0A2B"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8CCDE97-AE42-4BB8-9947-5BBD81DA6CA0"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D64E16F-0E13-4679-A68D-66866A77149F"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16844C40-F012-4C19-9028-D05014EBF7D2"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5843C1AA-953B-4CC1-9B1B-AF9969BB1A59"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2001:*:*:*:*:mac_os:*:*", "vulnerable": true, "matchCriteriaId": "88499AA7-D0AD-4914-8B24-153EEED8DF7A"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "054BA29C-3320-475D-95AE-996BAA04D464"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3DC15E7-F1C3-42D0-AE3E-DDF6300FCD7C"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34C63AE5-4584-4A51-B20D-36FA6DE01C86"}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}