CVE-2006-3435 – Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability
https://notcve.org/view.php?id=CVE-2006-3435
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office.
References:
• http://securitytracker.com/id?1017030
• http://www.kb.cert.org/vuls/id/187028
• http://www.osvdb.org/29446
• http://www.securityfocus.com/archive/1/448149/100/0/threaded
• http://www.securityfocus.com/archive/1/449179/100/0/threaded
• http://www.securityfocus.com/bid/20304
• http://www.vupen.com/english/advisories/2006/3977
• http://www.zerodayinitiative.com/advisories/ZDI-06-032.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
• https://oval.c
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2006-4694
https://notcve.org/view.php?id=CVE-2006-4694
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
References:
• http://secunia.com/advisories/22127
• http://securitytracker.com/id?1016937
• http://vil.nai.com/vil/content/v_140666.htm
• http://www.avertlabs.com/research/blog/?p=95
• http://www.kb.cert.org/vuls/id/231204
• http://www.microsoft.com/technet/security/advisory/925984.mspx
• http://www.osvdb.org/29259
• http://www.securityfocus.com/archive/1/447831/100/0/threaded
• http://www.securityfocus.com/archive/1/449179/100/0/threaded
• http://www.securityfocus.com/bid/20226
• http:
CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2006-0001
https://notcve.org/view.php?id=CVE-2006-0001
Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
References:
• http://secunia.com/advisories/21863
• http://securityreason.com/securityalert/1548
• http://securitytracker.com/id?1016825
• http://www.computerterrorism.com/research/ct12-09-2006-2.htm
• http://www.kb.cert.org/vuls/id/406236
• http://www.securityfocus.com/archive/1/445824/100/0/threaded
• http://www.securityfocus.com/archive/1/446630/100/100/threaded
• http://www.securityfocus.com/bid/19951
• http://www.us-cert.gov/cas/techalerts/TA06-255A.html
• http://www.vupen.com/english/advisories
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-0007
https://notcve.org/view.php?id=CVE-2006-0007
Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
References:
• http://archives.neohapsis.com/archives/vulnwatch/2006-q3/0005.html
• http://secunia.com/advisories/21013
• http://securitytracker.com/id?1016470
• http://www.kb.cert.org/vuls/id/668564
• http://www.osvdb.org/27146
• http://www.securityfocus.com/archive/1/439887/100/0/threaded
• http://www.securityfocus.com/bid/18915
• http://www.us-cert.gov/cas/techalerts/TA06-192A.html
• http://www.vupen.com/english/advisories/2006/2757
• https://docs.microsoft.com/en-us/security-updates/securitybull
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2006-0033
https://notcve.org/view.php?id=CVE-2006-0033
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
References:
• http://secunia.com/advisories/21013
• http://securitytracker.com/id?1016470
• http://www.fortinet.com/FortiGuardCenter/advisory/FG-2006-22.html
• http://www.kb.cert.org/vuls/id/459388
• http://www.osvdb.org/27147
• http://www.securityfocus.com/bid/18913
• http://www.us-cert.gov/cas/techalerts/TA06-192A.html
• http://www.vupen.com/english/advisories/2006/2757
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-039
• https://oval.cisecurity.org/repository/search