CVE-2006-3877
Low
Low
Medium
High
Critical
CVSS Score
Vulnerability Description
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
Known Affected Software
35 configuration(s) from 1 vendor(s)
excel
Version:
2002
CPE:
cpe:2.3:a:microsoft:excel:2002:gold:*:*:*:*:*:*
powerpoint
Version:
2000
CPE:
cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*
excel
Version:
2000
CPE:
cpe:2.3:a:microsoft:excel:2000:gold:*:*:*:*:*:*
word
Version:
2003
CPE:
cpe:2.3:a:microsoft:word:2003:sp3:*:*:*:*:*:*
excel
Version:
2003
CPE:
cpe:2.3:a:microsoft:excel:2003:sp3:*:*:*:*:*:*
word
Version:
2002
CPE:
cpe:2.3:a:microsoft:word:2002:sp1:*:*:*:*:*:*
publisher
Version:
2000
CPE:
cpe:2.3:a:microsoft:publisher:2000:*:*:*:*:*:*:*
powerpoint
Version:
2003
CPE:
cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*
access
Version:
2003
CPE:
cpe:2.3:a:microsoft:access:2003:sp1:*:*:*:*:*:*
office
Version:
2004
CPE:
cpe:2.3:a:microsoft:office:2004:*:*:*:*:macos:*:*
frontpage
Version:
2002
CPE:
cpe:2.3:a:microsoft:frontpage:2002:*:*:*:*:*:*:*
project
Version:
2002
CPE:
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
project
Version:
2000
CPE:
cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*
project
Version:
2003
CPE:
cpe:2.3:a:microsoft:project:2003:sp3:*:*:*:*:*:*
publisher
Version:
2003
CPE:
cpe:2.3:a:microsoft:publisher:2003:sp3:*:*:*:*:*:*
outlook
Version:
2002
CPE:
cpe:2.3:a:microsoft:outlook:2002:sp1:*:*:*:*:*:*
onenote
Version:
2003
CPE:
cpe:2.3:a:microsoft:onenote:2003:*:*:*:*:*:*:*
powerpoint
Version:
2004
CPE:
cpe:2.3:a:microsoft:powerpoint:2004:*:*:*:*:*:*:*
outlook
Version:
2000
CPE:
cpe:2.3:a:microsoft:outlook:2000:sp4:*:*:*:*:*:*
frontpage
Version:
2003
CPE:
cpe:2.3:a:microsoft:frontpage:2003:sp3:*:*:*:*:*:*
visio
Version:
2003
CPE:
cpe:2.3:a:microsoft:visio:2003:*:*:*:professional:*:*:*
office
Version:
2003
CPE:
cpe:2.3:a:microsoft:office:2003:sp2:*:pt:*:*:*:*
excel_viewer
Version:
2003
CPE:
cpe:2.3:a:microsoft:excel_viewer:2003:-:*:*:*:*:*:*
word
Version:
2000
CPE:
cpe:2.3:a:microsoft:word:2000:*:*:zh:*:*:*:*
word_viewer
Version:
2003
CPE:
cpe:2.3:a:microsoft:word_viewer:2003:*:*:*:*:*:*:*
publisher
Version:
2002
CPE:
cpe:2.3:a:microsoft:publisher:2002:sp3:*:*:*:*:*:*
access
Version:
2000
CPE:
cpe:2.3:a:microsoft:access:2000:sr1:*:*:*:*:*:*
office
Version:
2000
CPE:
cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*
office
Version:
xp
CPE:
cpe:2.3:a:microsoft:office:xp:sp1:*:*:*:*:*:*
visio
Version:
2002
CPE:
cpe:2.3:a:microsoft:visio:2002:*:*:*:professional:*:*:*
access
Version:
2002
CPE:
cpe:2.3:a:microsoft:access:2002:sp1:*:*:*:*:*:*
powerpoint
Version:
2002
CPE:
cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*
infopath
Version:
2003
CPE:
cpe:2.3:a:microsoft:infopath:2003:*:*:*:*:*:*:*
outlook
Version:
2003
CPE:
cpe:2.3:a:microsoft:outlook:2003:sp3:*:*:*:*:*:*
frontpage
Version:
2000
CPE:
cpe:2.3:a:microsoft:frontpage:2000:*:*:*:*:*:*:*
This vulnerability affects 35 software configuration(s). Ensure you patch all affected systems.
References & Resources
-
http://securitytracker.com/id?1017030secure@microsoft.com
-
http://www.kb.cert.org/vuls/id/205948secure@microsoft.com US Government Resource
-
http://www.osvdb.org/29448secure@microsoft.com
-
http://www.securityfocus.com/archive/1/449179/100/0/threadedsecure@microsoft.com
-
http://www.securityfocus.com/bid/20325secure@microsoft.com
-
http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlsecure@microsoft.com US Government Resource
-
http://www.vupen.com/english/advisories/2006/3977secure@microsoft.com Vendor Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058secure@microsoft.com
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015secure@microsoft.com
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220secure@microsoft.com
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568secure@microsoft.com
-
http://securitytracker.com/id?1017030af854a3a-2127-422b-91ae-364da2661108
-
http://www.kb.cert.org/vuls/id/205948af854a3a-2127-422b-91ae-364da2661108 US Government Resource
-
http://www.osvdb.org/29448af854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/archive/1/449179/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
-
http://www.securityfocus.com/bid/20325af854a3a-2127-422b-91ae-364da2661108
-
http://www.us-cert.gov/cas/techalerts/TA07-044A.htmlaf854a3a-2127-422b-91ae-364da2661108 US Government Resource
-
http://www.vupen.com/english/advisories/2006/3977af854a3a-2127-422b-91ae-364da2661108 Vendor Advisory
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058af854a3a-2127-422b-91ae-364da2661108
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015af854a3a-2127-422b-91ae-364da2661108
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A220af854a3a-2127-422b-91ae-364da2661108
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A568af854a3a-2127-422b-91ae-364da2661108
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-94
Top 25 #7
Improper Control of Generation of Code ('Code Injection')
- Description
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
- Exploit Likelihood
- Medium
- Typical Severity
- High
- OWASP Top 10
- A03:2021-Injection
- Abstraction Level
- Base
Key Information
- Published Date
- October 10, 2006
