CVE-2006-3877
https://notcve.org/view.php?id=CVE-2006-3877
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876. Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un "fichero artesanal" no especificado, una vulnerabilidad diferente que CVE-2006-3435, CVE-2006-4694, y CVE-2006-3876. • http://securitytracker.com/id?1017030 http://www.kb.cert.org/vuls/id/205948 http://www.osvdb.org/29448 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20325 http://www.us-cert.gov/cas/techalerts/TA07-044A.html http://www.vupen.com/english/advisories/2006/3977 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 https& • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3868
https://notcve.org/view.php?id=CVE-2006-3868
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag. Vulnerabilidad no especificada en Microsoft Office XP y 2003 permite a atacantes remotos con la complicidad del usuario ejecutar código de su elección mediante una Etiqueta Inteligente mal formada. • http://secunia.com/advisories/22339 http://securitytracker.com/id?1017034 http://www.kb.cert.org/vuls/id/807780 http://www.osvdb.org/29430 http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20320 http://www.vupen.com/english/advisories/2006/3981 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A740 •
CVE-2006-2387 – Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-2387
Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875. Vulnerabilidad no especificada en Microsoft Excel 2000, 2002, 2003, 2004 para Mac, v.X para Mac, Excel Viewer 2003, y Microsoft Works Suite 2004 hasta la 2006 permite a atacantes con la complicidad del usuario ejecutar código de su elección mediante un registro DATETIME artesanal en un fichero XLS, una vulnerabilidad diferente que CVE-2006-3867 y CVE-2006-3875. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed DATETIME records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code. • http://securitytracker.com/id?1017031 http://www.kb.cert.org/vuls/id/706668 http://www.securityfocus.com/archive/1/448147/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20344 http://www.vupen.com/english/advisories/2006/3978 http://www.zerodayinitiative.com/advisories/ZDI-06-033.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-059 https://oval.cisecurity.org/repository/search/definit •
CVE-2006-3650 – Microsoft Word Malformed Chart Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-3650
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868. Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac no analiza adecuadamente la longitud de un registro de un gráfico, lo cual permite a atacantes remotos con la intervención del usuario ejecutar código de su elección mediante un documento Word con un registro de gráfico mal formado que dispara la sobrescritura de los valores de punteros con valores del documento, una vulnerabilidad diferente que CVE-2006-3434, CVE-2006-3864, y CVE-2006-3868. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target user into opening a malicious .XLS file. The specific flaw exists during the processing of malformed charts embedded within a Word document. Upon closing the document, certain pointers are corrupted with data direclty from the file. • http://secunia.com/advisories/22339 http://securitytracker.com/id?1017034 http://www.kb.cert.org/vuls/id/534276 http://www.osvdb.org/29428 http://www.securityfocus.com/archive/1/448151/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20383 http://www.vupen.com/english/advisories/2006/3981 http://www.zerodayinitiative.com/advisories/ZDI-06-034.html https://docs.microsoft.com/en-us/security-updates/securitybullet • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2006-3435 – Microsoft PowerPoint Malformed Slide Notes Rebuilding Vulnerability
https://notcve.org/view.php?id=CVE-2006-3435
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694. PowerPoint en Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac no analiza adecuadamente el campo de notas de diapositiva en un documento, lo cual permite a atacantes con la intervención del usuario ejecutar código de su elección mediante datos manipulados en este campo, lo cual dispara un cálculo erróneo de puntero de objeto que utiliza datos de dentro del documento. NOTA: este problema es diferente de otras vulnerabilidades PowerPoint incluyendo CVE-2006-4694. This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Office. • http://securitytracker.com/id?1017030 http://www.kb.cert.org/vuls/id/187028 http://www.osvdb.org/29446 http://www.securityfocus.com/archive/1/448149/100/0/threaded http://www.securityfocus.com/archive/1/449179/100/0/threaded http://www.securityfocus.com/bid/20304 http://www.vupen.com/english/advisories/2006/3977 http://www.zerodayinitiative.com/advisories/ZDI-06-032.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058 https://oval.c • CWE-94: Improper Control of Generation of Code ('Code Injection') •