Vulnerability Name: CVE-2006-3877 (CCN-29234) Assigned: 2006-10-10 Published: 2006-10-10 Updated: 2018-10-17 Summary: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435 , CVE-2006-4694 , and CVE-2006-3876 . CVSS v3 Severity: 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C 6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C 5.6 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-94 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2006-3877 Microsoft PowerPoint Errors in Parsing Object Pointers and Data Records Lets Remote Users Execute Arbitrary Code 1017030 Windows Security Updates for October 2006 - (MS06-056 - MS06-065) MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) Combined Security Update for Microsoft Office, Windows, .NET Framework, and Silverlight (2681578) Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670) Vulnerability in SQL Server Could Allow Elevation of Privilege (2754849) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) Vulnerability in Silverlight Could Allow Remote Code Execution (2814124) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) Vulnerability in Windows Components Could Allow Remote Code Execution (2848295) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) Vulnerability in Windows Journal Could Allow Remote Code Execution (2975689) Vulnerabilities in SQL Server Could Allow Elevation of Privilege (2984340) Vulnerability in OneNote Could Allow Remote Code Execution (2977201) Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710) Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301) Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) Security Updates for Microsoft Office (3096440) Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Security Update for Microsoft Office to Address Remote Code Execution (3116111) Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Security Update for Microsoft Office to Address Remote Code Execution (3134226) Security Update for Microsoft Office to Address Remote Code Execution (3141806) Security Update for Microsoft Office (3148775) Security Update for Microsoft Office (3155544) Security Update for Office (3163610) Security Updates for Office (3170008) Security Update for Office (3177451) Security Update for Microsoft Office (3185852) Security Update for Microsoft Office (3194063) Security Update for Microsoft Office (3199168) Security Update for Microsoft Office (3204068) Security Update for Microsoft Office (3214291) Security Update for Microsoft Graphics Component (4013075) Security Update for Microsoft Office (4013241) Microsoft PowerPoint malformed record memory corruption VU#205948 Vulnerabilities in Microsoft PowerPoint Could Lead to Remote Code Execution (924163) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047) Vulnerability in Microsoft SQL Server Could Allow Remote Code Execution (959420) Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (967340) Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488) Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214) Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (980094) Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2451879) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) Vulnerability in GDI+ Could Allow Remote Code Execution (2489979) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893) Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (2560978) Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) 29448 Microsoft PowerPoint Crafted File Unspecified Code Execution SSRT061264 20325 Microsoft PowerPoint Record Improper Memory Access Remote Code Execution Vulnerability TA07-044A ADV-2006-3977 MS06-058 MS07-015 powerpoint-bit-code-execution(29234) oval:org.mitre.oval:def:220 oval:org.mitre.oval:def:568 Vulnerable Configuration: Configuration 1 :cpe:/a:microsoft:access:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:access:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:access:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:excel_viewer:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:frontpage:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:frontpage:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:frontpage:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:infopath:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:office:2000:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:office:2003:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:office:2004:*:mac:*:*:*:*:* OR cpe:/a:microsoft:office:xp:sp3:*:*:*:*:*:* OR cpe:/a:microsoft:onenote:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:outlook:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:powerpoint:2004:*:mac:*:*:*:*:* OR cpe:/a:microsoft:project:2000:sr1:*:*:*:*:*:* OR cpe:/a:microsoft:project:2002:sp1:*:*:*:*:*:* OR cpe:/a:microsoft:project:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:publisher:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:publisher:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:publisher:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:visio:2002:sp2:*:*:*:*:*:* OR cpe:/a:microsoft:visio:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:word:2000:*:*:*:*:*:*:* OR cpe:/a:microsoft:word:2002:*:*:*:*:*:*:* OR cpe:/a:microsoft:word:2003:*:*:*:*:*:*:* OR cpe:/a:microsoft:word_viewer:2003:*:*:*:*:*:*:* Oval Definitions BACK
microsoft access 2000
microsoft access 2002
microsoft access 2003
microsoft excel 2000
microsoft excel 2002
microsoft excel 2003
microsoft excel viewer 2003
microsoft frontpage 2000
microsoft frontpage 2002
microsoft frontpage 2003
microsoft infopath 2003
microsoft office 2000 sp3
microsoft office 2003 sp2
microsoft office 2004
microsoft office xp sp3
microsoft onenote 2003
microsoft outlook 2000
microsoft outlook 2002
microsoft outlook 2003
microsoft powerpoint 2000
microsoft powerpoint 2002
microsoft powerpoint 2003
microsoft powerpoint 2004
microsoft project 2000 sr1
microsoft project 2002 sp1
microsoft project 2003
microsoft publisher 2000
microsoft publisher 2002
microsoft publisher 2003
microsoft visio 2002 sp2
microsoft visio 2003
microsoft word 2000
microsoft word 2002
microsoft word 2003
microsoft word viewer 2003
Denotes that component is vulnerable