CVE-2006-3435
Published 2006-10-10
Priority P348 · critical · 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 36.12% (98.3th percentile)
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
Affected
37 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | access | — | — |
| microsoft | access | — | — |
| microsoft | access | — | — |
| microsoft | excel | — | — |
| microsoft | excel | — | — |
| microsoft | excel | — | — |
| microsoft | excel_viewer | — | — |
| microsoft | frontpage | — | — |
| microsoft | frontpage | — | — |
| microsoft | frontpage | — | — |
| microsoft | infopath | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | onenote | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
VulDB
Microsoft Office 2000/2003/2004/Xp code injection (VU#187028 / Nessus ID 22531)
vuldb·2026-04-24·CVSS 9.3
CVE-2006-3435 [CRITICAL] Microsoft Office 2000/2003/2004/Xp code injection (VU#187028 / Nessus ID 22531)
A vulnerability described as critical has been identified in Microsoft Office 2000/2003/2004/Xp. This issue affects some unknown processing. Executing a manipulation can lead to code injection.
The identification of this vulnerability is CVE-2006-3435. The attack may be launched remotely. There is no exploit available.
A patch should be applied to remediate this issue.
GHSA
GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3877 [CRITICAL] CWE-94 GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
GHSA
GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-5296 [CRITICAL] GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
GHSA
GHSA-rrw4-gpgf-m865: PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3435 [CRITICAL] CWE-94 GHSA-rrw4-gpgf-m865: PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
GHSA
GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3876 [CRITICAL] CWE-94 GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securitytracker.com/id?1017030
http://www.kb.cert.org/vuls/id/187028
http://www.osvdb.org/29446
http://www.securityfocus.com/archive/1/448149/100/0/threaded
http://www.securityfocus.com/archive/1/449179/100/0/threaded
http://www.securityfocus.com/bid/20304
http://www.vupen.com/english/advisories/2006/3977
http://www.zerodayinitiative.com/advisories/ZDI-06-032.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A476