CVE-2006-3435
Last modified
CVE-2006-3435 is a vulnerability of currently unknown severity. PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.. EPSS estimates a 36.12% chance of exploitation in the next 30 days.
Description
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Office | 2000 |
| Microsoft | Office | 2003 |
| Microsoft | Office | 2004 |
| Microsoft | Office | v.x |
| Microsoft | Office | xp |
References
- http://www.kb.cert.org/vuls/id/187028US Government Resource
- http://www.vupen.com/english/advisories/2006/3977Vendor Advisory
- http://www.kb.cert.org/vuls/id/187028US Government Resource
- http://www.vupen.com/english/advisories/2006/3977Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2006-3435?
How severe is CVE-2006-3435?
How do I fix CVE-2006-3435?
Are you affected by CVE-2006-3435?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST