9.3

CVE-2006-3876

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.

Data is provided by the National Vulnerability Database (NVD)
MicrosoftOffice Version2000
MicrosoftOffice Version2000 Langja
MicrosoftOffice Version2000 Langko
MicrosoftOffice Version2000 Langzh
MicrosoftOffice Version2000 Updatesp1
MicrosoftOffice Version2000 Updatesp2
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2001
MicrosoftOffice Version2001 SwPlatformmac_os
MicrosoftOffice Version2001 Updatesr1 SwPlatformmac_os
MicrosoftOffice Version2003
MicrosoftOffice Version2003 Updatesp1
MicrosoftOffice Version2003 Updatesp2
MicrosoftOffice Version2003 Updatesp3
MicrosoftOffice Version2004 SwPlatformmac_os
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 36.54% 0.97
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://securitytracker.com/id?1017030
Third Party Advisory
VDB Entry
http://www.kb.cert.org/vuls/id/938196
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/20322
Third Party Advisory
VDB Entry