9.3

CVE-2006-3877

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftAccess Version2000
MicrosoftAccess Version2002
MicrosoftAccess Version2003
MicrosoftExcel Version2000
MicrosoftExcel Version2002
MicrosoftExcel Version2003
MicrosoftExcel Viewer Version2003
MicrosoftFrontpage Version2000
MicrosoftFrontpage Version2002
MicrosoftFrontpage Version2003
MicrosoftInfopath Version2003
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2003 Updatesp2
MicrosoftOffice Version2004 Editionmac
MicrosoftOffice Versionxp Updatesp3
MicrosoftOnenote Version2003
MicrosoftOutlook Version2000
MicrosoftOutlook Version2002
MicrosoftOutlook Version2003
MicrosoftPowerpoint Version2000
MicrosoftPowerpoint Version2002
MicrosoftPowerpoint Version2003
MicrosoftPowerpoint Version2004 Editionmac
MicrosoftProject Version2000 Updatesr1
MicrosoftProject Version2002 Updatesp1
MicrosoftProject Version2003
MicrosoftPublisher Version2000
MicrosoftPublisher Version2002
MicrosoftPublisher Version2003
MicrosoftVisio Version2002 Updatesp2
MicrosoftVisio Version2003
MicrosoftWord Version2000
MicrosoftWord Version2002
MicrosoftWord Version2003
MicrosoftWord Viewer Version2003
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 36.78% 0.97
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.