9.3

CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftOffice Version2000
MicrosoftOffice Version2000 Updatesp1
MicrosoftOffice Version2000 Updatesp2
MicrosoftOffice Version2000 Updatesp3
MicrosoftOffice Version2003
MicrosoftOffice Versionxp Updatesp1
MicrosoftOffice Versionxp Updatesp2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.46% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.us-cert.gov/cas/techalerts/TA06-283A.html
US Government Resource
http://secunia.com/advisories/22127
Vendor Advisory
http://securitytracker.com/id?1016937
http://vil.nai.com/vil/content/v_140666.htm
http://www.avertlabs.com/research/blog/?p=95
http://www.kb.cert.org/vuls/id/231204
US Government Resource
http://www.microsoft.com/technet/security/advisory/925984.mspx
http://www.osvdb.org/29259
http://www.securityfocus.com/archive/1/447831/100/0/threaded
http://www.securityfocus.com/bid/20226
http://www.vupen.com/english/advisories/2006/3794
Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
https://exchange.xforce.ibmcloud.com/vulnerabilities/29225
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A269