CVE-2006-3876Code Injection in Microsoft Access

CWE-94Code Injection8 documents2 sources
Severity
9.3CRITICALNVD
NVD4.3
EPSS
36.5%
top 2.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
14
Microsoft AccessMicrosoft ExcelMicrosoft Excel Viewer+11 more
Timeline
PublishedOct 10
Latest updateMay 1

Description

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages14 packages

NVDmicrosoft/office5 versions+4
NVDmicrosoft/powerpoint4 versions+3
NVDmicrosoft/word2000, 2002, 2003+2
NVDmicrosoft/excel2000, 2002, 2003+2
NVDmicrosoft/visio2002, 2003+1

🔴Vulnerability Details

4
GHSA
GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v2022-05-01
GHSA
GHSA-j482-rx6m-8w32: Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as explo2022-05-01
GHSA
GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi2022-05-01
GHSA
GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v2022-05-01
CVE-2006-3876 — Code Injection in Microsoft Access | cvebase