CVE-2006-3449Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Powerpoint

3 documents3 sources
Severity
7.5HIGHNVD
CNA9.3
EPSS
23.4%
top 4.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Powerpoint
Timeline
PublishedAug 9
Latest updateMay 1

Description

Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDmicrosoft/powerpoint4 versions+3

Patches

Patch: www.kb.cert.orgPatch: www.us-cert.govPatch: www.kb.cert.org

🔴Vulnerability Details

2
GHSA
GHSA-46j2-ph3p-g234: Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbi2022-05-01
CVEList
CVE-2006-3449: Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbi2006-08-09
CVE-2006-3449 — Microsoft Powerpoint vulnerability | cvebase