ID CVE-2006-0022
Summary Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2003:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:powerpoint:2004:*:mac:*:*:*:*:*
CVSS
Base: 7.6 (as of 12-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:H/Au:N/C:C/I:C/A:C
oval via4
  • accepted 2012-05-28T04:00:04.532-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
    family windows
    id oval:org.mitre.oval:def:1069
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft PowerPoint 2003 Remote Code Execution Using a Malformed Record Vulnerability
    version 5
  • accepted 2012-05-28T04:01:23.896-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
    family windows
    id oval:org.mitre.oval:def:1836
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft PowerPoint 2002 Remote Code Execution Using a Malformed Record Vulnerability
    version 6
  • accepted 2012-05-28T04:01:26.754-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name John Hoyland
      organization Centennial Software
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    description Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
    family windows
    id oval:org.mitre.oval:def:1984
    status accepted
    submitted 2006-06-14T09:55:00.000-04:00
    title Microsoft PowerPoint 2000 Remote Code Execution Using a Malformed Record Vulnerability
    version 5
refmap via4
bid 18382
cert TA06-164A
cert-vn VU#190089
osvdb 26435
sectrack 1016287
secunia 20633
vupen ADV-2006-2325
xf powerpoint-record-bo(26784)
Last major update 12-10-2018 - 21:38
Published 13-06-2006 - 19:06
Last modified 12-10-2018 - 21:38
Back to Top