CVE-2006-3864Code Injection in Microsoft Office

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
45.7%
top 2.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Microsoft OfficeMicrosoft ProjectMicrosoft Visio
Timeline
PublishedOct 10
Latest updateMay 1

Description

Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages3 packages

NVDmicrosoft/office5 versions+4
NVDmicrosoft/visio2002
NVDmicrosoft/project2000, 2002+1

🔴Vulnerability Details

2
GHSA
GHSA-9v54-c9j8-fw7m: Unspecified vulnerability in mso2022-05-01
CVEList
CVE-2006-3864: Unspecified vulnerability in mso2006-10-10
CVE-2006-3864 — Code Injection in Microsoft Office | cvebase