Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-1540: Code Injection in Microsoft Office

CWE-94: Code Injection | 9 documents | 4 sources
Severity
9.3 CRITICAL NVD
NVD 7.5 | NVD 5.1
EPSS
74.7%
top 1.14%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Mar 30
Latest update: May 1

Description

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages (2 packages)

NVD | microsoft/office | 5 versions +4
NVD | microsoft/powerpoint | 4 versions +3

🔴 Vulnerability Details

5
GHSA
GHSA-94cj-9f3f-7q8j: MSO | 2022-05-01
GHSA
GHSA-46j2-ph3p-g234: Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbi | 2022-05-01
GHSA
GHSA-rh8h-gpvg-vg6q: mso | 2022-05-01
VulnCheck
Microsoft PowerPoint Mso.dll Vulnerability | 2006
VulnCheck
Microsoft Office Improper Control of Generation of Code ('Code Injection') | 2006

💥 Exploits & PoCs

1
Exploit-DB
Microsoft Office Products - Array Index Bounds Error (PoC) | 2006-03-27