CVE-2006-3876
published 2006-10-10CVE-2006-3876: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted…
PriorityP342critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
11.34%
95.4th percentile
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | access | — | — |
| microsoft | access | — | — |
| microsoft | access | — | — |
| microsoft | excel | — | — |
| microsoft | excel | — | — |
| microsoft | excel | — | — |
| microsoft | excel_viewer | — | — |
| microsoft | frontpage | — | — |
| microsoft | frontpage | — | — |
| microsoft | frontpage | — | — |
| microsoft | infopath | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | onenote | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | project | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Microsoft Office 2000/2001/2003/2004 code injection (VU#938196 / Nessus ID 22539)
vuldb·2026-04-24·CVSS 9.3
CVE-2006-3876 [CRITICAL] Microsoft Office 2000/2001/2003/2004 code injection (VU#938196 / Nessus ID 22539)
A vulnerability classified as critical has been found in Microsoft Office 2000/2001/2003/2004. Impacted is an unknown function. The manipulation leads to code injection.
This vulnerability is referenced as CVE-2006-3876. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
To fix this issue, it is recommended to deploy a patch.
GHSA
GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3877 [CRITICAL] CWE-94 GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
GHSA
GHSA-j482-rx6m-8w32: Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as explo
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-0913 [CRITICAL] GHSA-j482-rx6m-8w32: Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as explo
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
GHSA
GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-5296 [CRITICAL] GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
GHSA
GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3876 [CRITICAL] CWE-94 GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securitytracker.com/id?1017030http://www.kb.cert.org/vuls/id/938196http://www.osvdb.org/29447http://www.securityfocus.com/archive/1/449179/100/0/threadedhttp://www.securityfocus.com/bid/20322http://www.vupen.com/english/advisories/2006/3977https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453http://securitytracker.com/id?1017030http://www.kb.cert.org/vuls/id/938196http://www.osvdb.org/29447http://www.securityfocus.com/archive/1/449179/100/0/threadedhttp://www.securityfocus.com/bid/20322http://www.vupen.com/english/advisories/2006/3977https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453
2006-10-10
Published