Vulnerabilities > CVE-2006-0022 - Remote Code Execution vulnerability in Microsoft PowerPoint Malformed Record

047910
CVSS 7.6 - HIGH
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
high complexity
microsoft
nessus

Summary

Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.

Nessus

  • NASL familyWindows : Microsoft Bulletins
    NASL idSMB_NT_MS06-028.NASL
    descriptionThe remote host is running a version of Microsoft PowerPoint that is subject to a fla that could allow arbitrary code to be run. An attacker may use this to execute arbitrary code on this host. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it. Then a bug in the font parsing handler would result in code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id21691
    published2006-06-13
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21691
    titleMS06-028: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (916768)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_MS_06-028.NASL
    descriptionThe remote host is running a version of Microsoft PowerPoint that may allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with PowerPoint. A vulnerability in the font parsing handler would then result in code execution.
    last seen2019-10-28
    modified2006-06-16
    plugin id21724
    published2006-06-16
    reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/21724
    titleMS06-028: Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768) (Mac OS X)

Oval

  • accepted2012-05-28T04:00:04.532-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1069
    statusaccepted
    submitted2006-06-14T09:55:00.000-04:00
    titleMicrosoft PowerPoint 2003 Remote Code Execution Using a Malformed Record Vulnerability
    version5
  • accepted2012-05-28T04:01:23.896-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameMatthew Wojcik
      organizationThe MITRE Corporation
    • nameJonathan Baker
      organizationThe MITRE Corporation
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1836
    statusaccepted
    submitted2006-06-14T09:55:00.000-04:00
    titleMicrosoft PowerPoint 2002 Remote Code Execution Using a Malformed Record Vulnerability
    version6
  • accepted2012-05-28T04:01:26.754-04:00
    classvulnerability
    contributors
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameJohn Hoyland
      organizationCentennial Software
    • nameRobert L. Hollis
      organizationThreatGuard, Inc.
    • nameShane Shaffer
      organizationG2, Inc.
    descriptionUnspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
    familywindows
    idoval:org.mitre.oval:def:1984
    statusaccepted
    submitted2006-06-14T09:55:00.000-04:00
    titleecord Vulnerability
    version5