9.3

CVE-2006-3435

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2000
MicrosoftOffice Version2000 Updatesp1
MicrosoftOffice Version2000 Updatesp2
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2003
MicrosoftOffice Version2003 Updatesp1
MicrosoftOffice Version2003 Updatesp2
MicrosoftOffice Version2003 Updatesp3
MicrosoftOffice Version2004 Editionmac
MicrosoftOffice Versionv.x
MicrosoftOffice Versionxp
MicrosoftOffice Versionxp Updatesp1
MicrosoftOffice Versionxp Updatesp2
MicrosoftOffice Versionxp Updatesp3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 46.6% 0.976
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.