Vulnerabilities > CVE-2006-3449 - Remote Code Execution vulnerability in Microsoft Powerpoint

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
nessus

Summary

Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS06-048.NASL
descriptionThe remote host is running a version of Microsoft Office that could allow arbitrary code execution. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it with Microsoft Office.
last seen2020-06-01
modified2020-06-02
plugin id22190
published2006-08-08
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22190
titleMS06-048: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)

Oval

accepted2012-05-28T04:01:39.775-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
  • nameShane Shaffer
    organizationG2, Inc.
definition_extensions
  • commentMicrosoft PowerPoint 2000 is installed
    ovaloval:org.mitre.oval:def:696
  • commentMicrosoft PowerPoint 2002 is installed
    ovaloval:org.mitre.oval:def:305
  • commentMicrosoft PowerPoint 2003 is installed
    ovaloval:org.mitre.oval:def:666
descriptionUnspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
familywindows
idoval:org.mitre.oval:def:348
statusaccepted
submitted2006-08-11T12:53:40
titleMicrosoft PowerPoint Malformed Records Vulnerability
version9