CVE-2006-5296

Microsoft Office 2003 - '.PPT' Local Buffer Overflow (PoC)

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

PowerPoint en Microsoft Office 2003 no maneja adecuadamente un objeto contenedor cuyo valor de posición excede la longitud del registro, lo cual permite a usuarios autenticados remotamente provocar una denegación de servicio (referencia NULL y caída de aplicación) mediante un archivo PowerPoint (.PPT) manipulado, como ha demostrado Nanika.ppt. Es una vulnerabilidad diferente de CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, y CVE-2006-4694. NOTA: el impacto de este problema fue originalmente clasificado como ejecución de código arbitrario, pero un análisis posterior ha demostrado que esta afirmación era errónea.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-10-16 CVE Reserved
2006-10-16 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2024-09-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (11)

URL	Tag	Source
http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx	X_refsource_misc
http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx	X_refsource_confirm
http://research.eeye.com/html/alerts/zeroday/20061012_2.html	X_refsource_misc
http://securitytracker.com/id?1017059	Vdb Entry
http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553	X_refsource_misc
http://www.osvdb.org/29720	Vdb Entry
http://www.vupen.com/english/advisories/2006/4031	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/29507	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/2523	2024-08-07
http://www.securityfocus.com/bid/20495	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/22394	2017-10-19

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Microsoft Search vendor "Microsoft"		Powerpoint Search vendor "Microsoft" for product "Powerpoint"				2003 Search vendor "Microsoft" for product "Powerpoint" and version "2003"		-		Affected