Vulnerability Name: CVE-2006-3650 (CCN-29212) Assigned: 2006-10-10 Published: 2006-10-10 Updated: 2018-10-30 Summary: Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434 , CVE-2006-3864 , and CVE-2006-3868 . CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): LowIntegrity (I): LowAvailibility (A): Low
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P 3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
Vulnerability Type: CWE-94 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2006-3650 Microsoft Office Multiple Code Execution Vulnerabilities 22339 Microsoft Office String, Chart Record, and SmartTag Validation Errors Let Remote Users Execute Arbitrary Code 1017034 Windows Security Updates for October 2006 - (MS06-056 - MS06-065) Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) Vulnerability in OneNote Could Allow Remote Code Execution (2977201) Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301) Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) Security Updates for Microsoft Office (3096440) Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Security Update for Microsoft Office to Address Remote Code Execution (3116111) Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Security Update for Microsoft Office to Address Remote Code Execution (3134226) Security Update for Microsoft Office to Address Remote Code Execution (3141806) Security Update for Microsoft Office (3148775) Security Update for Microsoft Office (3155544) Security Update for Office (3163610) Security Updates for Office (3170008) Security Update for Office (3177451) Security Update for Microsoft Office (3185852) Security Update for Microsoft Office (3194063) Security Update for Microsoft Office (3199168) Security Update for Microsoft Office (3204068) Security Update for Microsoft Office (3214291) Security Update for Microsoft Graphics Component (4013075) Security Update for Microsoft Office (4013241) Microsoft Office fails to properly parse malformed chart records VU#534276 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047) Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) 29428 Microsoft Office Malformed Chart Record Unspecified Arbitrary Code Execution 20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability SSRT061264 20383 Microsoft Office Malformed Chart Record Remote Code Execution Vulnerability ADV-2006-3981 http://www.zerodayinitiative.com/advisories/ZDI-06-034.html MS06-062 office-chart-code-execution(29212) oval:org.mitre.oval:def:222 Microsoft Office Word Malformed Chart Code Execution Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:office:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2000:*:*:ja:*:*:*:* OR cpe:/a:microsoft:office:2000:*:*:ko:*:*:*:* OR cpe:/a:microsoft:office:2000:*:*:zh:*:*:*:* OR cpe:/a:microsoft:office:2000:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office:2000:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2000:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2001:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2001:*:*:*:*:mac_os:*:* OR cpe:/a:microsoft:office:2001:sr1:*:*:*:mac_os:*:* OR cpe:/a:microsoft:office:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2003:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2003:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2004:*:*:*:*:mac_os:*:* OR cpe:/a:microsoft:office:v.x:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:microsoft:outlook:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:frontpage:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:access:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:access:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:frontpage:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:publisher:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:publisher:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:visio:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:word:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:project:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:visio:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:frontpage:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:publisher:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:project:2002:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:visio:2002:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:xp:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:office_infopath:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:onenote:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2000:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2003:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:access:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:word_viewer:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2004:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:project:2000:sr1:*:*:*:*:*:* Oval Definitions BACK
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000
microsoft office 2000 sp1
microsoft office 2000 sp2
microsoft office 2000 sp3
microsoft office 2001
microsoft office 2001
microsoft office 2001 sr1
microsoft office 2003
microsoft office 2003 sp1
microsoft office 2003 sp2
microsoft office 2003 sp3
microsoft office 2004
microsoft office v.x
microsoft outlook 2000
microsoft frontpage 2000
microsoft powerpoint 2000
microsoft excel 2000
microsoft word 2000
microsoft word 2002
microsoft outlook 2002
microsoft excel 2002
microsoft powerpoint 2002
microsoft access 2000
microsoft access 2002
microsoft frontpage 2002
microsoft publisher 2000
microsoft publisher 2002
microsoft visio 2002
microsoft word 2003
microsoft outlook 2003
microsoft project 2003
microsoft visio 2003
microsoft frontpage 2003
microsoft publisher 2003
microsoft project 2002 sp1
microsoft visio 2002 sp2
microsoft office xp sp3
microsoft excel 2003
microsoft powerpoint 2003
microsoft office infopath 2003
microsoft onenote 2003
microsoft office 2000 sp3
microsoft office 2003 sp1
microsoft access 2003
microsoft word viewer 2003
microsoft office 2003 sp2
microsoft office 2004
microsoft excel viewer 2003
microsoft project 2000 sr1
Denotes that component is vulnerable