Vulnerabilities > CVE-2006-0009 - Unspecified vulnerability in Microsoft Office and Works
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-012.NASL |
description | The remote host is running a version of Microsoft Office that could allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it. Then a bug in the font parsing handler would result in code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21078 |
published | 2006-03-14 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21078 |
title | MS06-012: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
code |
|
Oval
accepted 2014-02-03T04:00:36.473-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Maria Kedovskaya organization ALTX-SOFT
definition_extensions comment Microsoft Excel 2003 is installed oval oval:org.mitre.oval:def:764 description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. family windows id oval:org.mitre.oval:def:1504 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Excel 2003 Remote Code Execution via Malformed Routing Slip version 8 accepted 2012-05-28T04:01:11.871-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name Shane Shaffer organization G2, Inc.
definition_extensions comment Microsoft Office 2000 is installed oval oval:org.mitre.oval:def:93 description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. family windows id oval:org.mitre.oval:def:1553 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Office 2000 Remote Code Execution via Malformed Routing Slip version 5 accepted 2014-02-03T04:00:43.789-05:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Maria Kedovskaya organization ALTX-SOFT
definition_extensions comment Microsoft Excel Viewer 2003 is installed oval oval:org.mitre.oval:def:439 description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. family windows id oval:org.mitre.oval:def:1653 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Excel Viewer 2003 Remote Code Execution via Malformed Routing Slip version 9 accepted 2012-05-28T04:02:39.419-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Jonathan Baker organization The MITRE Corporation name Shane Shaffer organization G2, Inc. name Dragos Prisaca organization Symantec Corporation name Shane Shaffer organization G2, Inc.
description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint. family windows id oval:org.mitre.oval:def:798 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Office XP Remote Code Execution via Malformed Routing Slip version 11
References
- http://www.kb.cert.org/vuls/id/682820
- http://securitytracker.com/id?1015766
- http://secunia.com/advisories/19138
- http://www.us-cert.gov/cas/techalerts/TA06-073A.html
- http://www.securityfocus.com/bid/17000
- http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
- http://www.osvdb.org/23903
- http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
- http://secunia.com/advisories/19238
- http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html
- http://isc.sans.org/diary.php?storyid=1618
- http://blogs.securiteam.com/?p=557
- http://blogs.securiteam.com/?p=559
- http://www.darkreading.com/document.asp?doc_id=101970
- http://securitytracker.com/id?1016720
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html
- http://blogs.securiteam.com/?author=28
- http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
- http://www.securityfocus.com/bid/20059
- http://securitytracker.com/id?1016886
- http://www.vupen.com/english/advisories/2006/0950
- http://www.vupen.com/english/advisories/2006/3678
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29009
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25009
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A798
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1653
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1553
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1504
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
- http://www.securityfocus.com/archive/1/446425/100/0/threaded
- http://www.securityfocus.com/archive/1/446370/100/0/threaded
- http://www.securityfocus.com/archive/1/444051/100/200/threaded
- http://www.securityfocus.com/archive/1/443890/100/0/threaded
- http://www.securityfocus.com/archive/1/432004/30/5340/threaded
- http://www.securityfocus.com/archive/1/427671/100/0/threaded
- http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH