CVE-2006-3590 — Code Injection in Microsoft Powerpoint

CWE-94 — Code Injection4 documents4 sources

Severity

5.1MEDIUMNVD

CNA9.3VulnCheck9.3

EPSS

36.1%

top 2.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Powerpoint

Timeline

PublishedJul 14

Latest updateMay 1

Description

mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDmicrosoft/powerpoint2000, 2002, 2003+2

🔴Vulnerability Details

GHSA

GHSA-rh8h-gpvg-vg6q: mso↗2022-05-01

▶

CVEList

CVE-2006-3590: mso↗2006-07-14

▶

VulnCheck

Microsoft PowerPoint Mso.dll Vulnerability↗2006

▶