CVE-2006-3449 (GCVE-0-2006-3449)
Vulnerability from cvelistv5
Published
2006-08-09 00:00
Modified
2024-08-07 18:30
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
References
secure@microsoft.com http://securityreason.com/securityalert/1342 Third Party Advisory
secure@microsoft.com http://securitytracker.com/id?1016657 Third Party Advisory, VDB Entry
secure@microsoft.com http://secway.org/advisory/AD20060808.txt Not Applicable
secure@microsoft.com http://www.kb.cert.org/vuls/id/884252 Patch, Third Party Advisory, US Government Resource
secure@microsoft.com http://www.securityfocus.com/archive/1/442592/100/0/threaded
secure@microsoft.com http://www.securityfocus.com/bid/19341 Third Party Advisory, VDB Entry
secure@microsoft.com http://www.us-cert.gov/cas/techalerts/TA06-220A.html Patch, Third Party Advisory, US Government Resource
secure@microsoft.com https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048
secure@microsoft.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securityreason.com/securityalert/1342 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://securitytracker.com/id?1016657 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://secway.org/advisory/AD20060808.txt Not Applicable
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/884252 Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/442592/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/19341 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA06-220A.html Patch, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348 Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:33.615Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1342",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1342"
          },
          {
            "name": "MS06-048",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
          },
          {
            "name": "19341",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19341"
          },
          {
            "name": "VU#884252",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/884252"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secway.org/advisory/AD20060808.txt"
          },
          {
            "name": "1016657",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016657"
          },
          {
            "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
          },
          {
            "name": "TA06-220A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:348",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "1342",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1342"
        },
        {
          "name": "MS06-048",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
        },
        {
          "name": "19341",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19341"
        },
        {
          "name": "VU#884252",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/884252"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secway.org/advisory/AD20060808.txt"
        },
        {
          "name": "1016657",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016657"
        },
        {
          "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
        },
        {
          "name": "TA06-220A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:348",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3449",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \"Microsoft PowerPoint Malformed Record Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1342",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1342"
            },
            {
              "name": "MS06-048",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"
            },
            {
              "name": "19341",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19341"
            },
            {
              "name": "VU#884252",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/884252"
            },
            {
              "name": "http://secway.org/advisory/AD20060808.txt",
              "refsource": "MISC",
              "url": "http://secway.org/advisory/AD20060808.txt"
            },
            {
              "name": "1016657",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016657"
            },
            {
              "name": "20060808 Microsoft PowerPoint Malformed Record Memory Corruption",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/442592/100/0/threaded"
            },
            {
              "name": "TA06-220A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:348",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-3449",
    "datePublished": "2006-08-09T00:00:00",
    "dateReserved": "2006-07-07T00:00:00",
    "dateUpdated": "2024-08-07T18:30:33.615Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3449\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2006-08-09T00:04:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka \\\"Microsoft PowerPoint Malformed Record Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en Microsoft PowerPoint 2000 hasta 2003, posiblemenet un desbordamiento de b\u00fafer, permite a atacantes remotos con intervenci\u00f3n del usuario ejecutar comandos de su elecci\u00f3n mediante un registro mal formado en el formato de archivo BIFF utilizado en un archivo PPT, un problema distinto de CVE-2006-1540, tambi\u00e9n conocido como \\\"Vulnerabilidad de Registro Mal Formado de Microsoft PowerPoint\\\" (\\\"Microsoft PowerPoint Malformed Record Vulnerability\\\").\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3E392539-ABF6-4B5C-AEC3-C54B51E0DB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:ja:*:*:*:*\",\"matchCriteriaId\":\"FF8DA1F4-51F5-4701-BA23-6A77057DD420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:ko:*:*:*:*\",\"matchCriteriaId\":\"FB88D5F8-4D7A-4D77-9F05-4910405E0A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:*:*:zh:*:*:*:*\",\"matchCriteriaId\":\"C8CCDE97-AE42-4BB8-9947-5BBD81DA6CA0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D64E16F-0E13-4679-A68D-66866A77149F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"16844C40-F012-4C19-9028-D05014EBF7D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2000:sr1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5843C1AA-953B-4CC1-9B1B-AF9969BB1A59\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2001:*:*:*:*:mac_os:*:*\",\"matchCriteriaId\":\"88499AA7-D0AD-4914-8B24-153EEED8DF7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"711D9CC0-31B8-4511-A9F3-CA328A02ED84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"054BA29C-3320-475D-95AE-996BAA04D464\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3DC15E7-F1C3-42D0-AE3E-DDF6300FCD7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2002:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"34C63AE5-4584-4A51-B20D-36FA6DE01C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5611EFD-2C7C-47BA-83E5-947EA00D8E6C\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/1342\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016657\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secway.org/advisory/AD20060808.txt\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/884252\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/442592/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/19341\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securityreason.com/securityalert/1342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016657\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://secway.org/advisory/AD20060808.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/884252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.securityfocus.com/archive/1/442592/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19341\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-220A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A348\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.