Vulnerabilities > CVE-2006-0004 - Remote Information Disclosure vulnerability in Microsoft Office 2000

CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
microsoft
nessus

Summary

Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).

Vulnerable Configurations

Part Description Count
Application
Microsoft
1

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS06-010.NASL
descriptionThe remote host contains a version of PowerPoint that is vulnerable to an information disclosure attack. Specifically, an attacker could send a malformed PowerPoint file to a victim on the remote host. When the victim opens the file, the attacker may be able to obtain access to the files in the Temporary Internet Files Folder of the remote host.
last seen2020-06-01
modified2020-06-02
plugin id20910
published2006-02-14
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20910
titleMS06-010: Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration block: when `description` is set, the script only declares its
# metadata and prerequisites and then exits without running the check itself.
if (description)
{
 # Plugin identity and revision bookkeeping.
 script_id(20910);
 script_version("1.32");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # Cross-references that tie a finding to the CVE, the Bugtraq entry, the
 # Microsoft bulletin and the KB article of the fix.
 script_cve_id("CVE-2006-0004");
 script_bugtraq_id(16634);
 script_xref(name:"MSFT", value:"MS06-010");
 script_xref(name:"MSKB", value:"889167");

 script_name(english:"MS06-010: Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167)");
 script_summary(english:"Determines the version of PowerPnt.exe");

 script_set_attribute(attribute:"synopsis", value:
"The remote version of PowerPoint is vulnerable to an information
disclosure attack.");
 script_set_attribute(attribute:"description", value:
"The remote host contains a version of PowerPoint that is vulnerable to
an information disclosure attack.

Specifically, an attacker could send a malformed PowerPoint file to a
a victim on the remote host. When the victim opens the file, the
attacker may be able to obtain access to the files in the Temporary
Internet Files Folder of the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2006/ms06-010");
 script_set_attribute(attribute:"solution", value:"Microsoft has released a set of patches for PowerPoint.");
 # NOTE(review): this base vector carries AC:M, while the advisory header on
 # the same page lists attack complexity LOW with a score of 5.0. The two
 # ratings presumably come from different scoring sources; confirm which one
 # downstream reporting and prioritisation should rely on.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 # Exploit-availability metadata as declared in the plugin; it is static text
 # and is not re-evaluated when the check runs.
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/14");
 script_set_attribute(attribute:"patch_publication_date", value:"2006/02/14");
 script_set_attribute(attribute:"plugin_publication_date", value:"2006/02/14");

 # Declared as a "local" plugin: the check further down reads the version of
 # PowerPnt.exe over SMB using the login, password and domain stored in the
 # KB, so a result depends on a credentialed scan.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:office");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:powerpoint");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # Prerequisites: the listed plugins are declared as dependencies, and the
 # "SMB/MS_Bulletin_Checks/Possible" KB key is required; the main body reads
 # that same key and exits when it is absent.
 script_dependencies("smb_hotfixes.nasl", "office_installed.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");

 # SMB ports, plus the patch-management KB entry that the main body also
 # consults before doing its own file check.
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");
include("misc_func.inc");
include("audit.inc");


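# MS06-010 check body.
#
# Purpose: decide whether PowerPnt.exe from PowerPoint 9.0 (Office 2000) on an
# Office 2000 SP3 host is older than the fixed build 9.0.0.8936, by reading the
# file version over an authenticated SMB session.
#
# Outcomes:
#   - finding reported and "SMB/Missing/MS06-010" set when the file is older;
#   - audit-trail exit "not affected" when the version is current or the
#     Office service pack recorded in the KB is not 3;
#   - audit-trail exit for a failed session, share mount or version read, so
#     that "could not check" is never recorded as "not affected".

# Stop unless the KB says bulletin checks are possible on this host.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS06-010';
kb = '889167';

kbs = make_list(kb);

# With patch-management data present, hand the decision to the third-party
# patch check. NOTE(review): this presumably ends the script itself; confirm in
# smb_hotfixes_fcheck.inc, otherwise the SMB check below also runs.
if (get_kb_item("Host/patch_management_checks"))
{
  hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);
}

# Install directory of PowerPoint 9.0 as recorded in the KB; exits when absent.
path = get_kb_item_or_exit("SMB/Office/Powerpoint/9.0/Path");
share = hotfix_path2share(path:path);

# Drop the drive letter so the path is relative to the share, then append the
# executable name.
ppt = ereg_replace(pattern:"^[A-Za-z]:(.*)", replace:"\1\PowerPnt.exe", string:path);

# Human-readable "<drive>:<path>" form used in the report and in audit messages.
exe_label = (share - '$') + ':' + ppt;

# Scan credentials and transport come from the KB; they are only passed to the
# SMB helpers and are never written to the report.
login  = kb_smb_login();
pass   = kb_smb_password();
domain = kb_smb_domain();
port   = kb_smb_transport();

if (!smb_session_init()) audit(AUDIT_FN_FAIL, "smb_session_init");

r = NetUseAdd(login:login, password:pass, domain:domain, share:share);
if (r != 1)
{
  # Release the session before leaving; audit() is relied on to end the script.
  NetUseDel();
  audit(AUDIT_SHARE_FAIL, share);
}

handle = CreateFile(file:ppt, desired_access:GENERIC_READ, file_attributes:FILE_ATTRIBUTE_NORMAL, share_mode:FILE_SHARE_READ, create_disposition:OPEN_EXISTING);
if (isnull(handle))
{
  # Fix: an executable that cannot be opened used to fall through to the final
  # "not affected" audit. Report the failed version read instead.
  NetUseDel();
  audit(AUDIT_VER_FAIL, exe_label);
}

ppt_version = GetFileVersion(handle:handle);
CloseFile(handle:handle);

# Always tear the share connection down before evaluating the result.
NetUseDel();

# Fix: same reasoning as above when the file opens but carries no version.
if (isnull(ppt_version)) audit(AUDIT_VER_FAIL, exe_label);

# Only Office 2000 SP3 is evaluated. A missing or different service-pack value
# in the KB ends in "not affected".
# NOTE(review): confirm that treating an unknown SP level as not affected is
# intended rather than an undetermined result.
office_sp = get_kb_item("SMB/Office/2000/SP");
if (!isnull(office_sp) && office_sp == 3)
{
  if (ppt_version[0] == 9 && ppt_version[1] == 0 && ppt_version[2] == 0 && ppt_version[3] < 8936)
  {
    hotfix_add_report('\nPath : '+exe_label+
                      '\nVersion : '+join(ppt_version, sep:'.')+
                      '\nShould be : 9.0.0.8936\n',
                      bulletin:bulletin, kb:kb);
    set_kb_item(name:"SMB/Missing/MS06-010", value:TRUE);
    hotfix_security_warning();
    # Fix: end here so a reported host does not also reach the "not affected"
    # audit below. Harmless if hotfix_security_warning() already exits.
    exit(0);
  }
}
audit(AUDIT_HOST_NOT, 'affected');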

Oval

accepted2012-05-28T04:01:12.436-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameJohn Hoyland
    organizationCentennial Software
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
descriptionMicrosoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
familywindows
idoval:org.mitre.oval:def:1555
statusaccepted
submitted2006-02-17T07:36:00.000-04:00
titleMicrosoft PowerPoint TIFF Information Disclosure
version7