CVE-2006-4694
published 2006-09-27CVE-2006-4694: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a…
PriorityP268critical9.3CVSS 2.0
AVNACMAuNCCICAC
ITWVulnCheck KEV
Exploited in the wild
EPSS
12.46%
95.7th percentile
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
Affected
37 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | access | — | — |
| microsoft | access | — | — |
| microsoft | access | — | — |
| microsoft | excel | — | — |
| microsoft | excel | — | — |
| microsoft | excel | — | — |
| microsoft | excel_viewer | — | — |
| microsoft | frontpage | — | — |
| microsoft | frontpage | — | — |
| microsoft | frontpage | — | — |
| microsoft | infopath | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | office | — | — |
| microsoft | onenote | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | outlook | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
| microsoft | powerpoint | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3877 [CRITICAL] CWE-94 GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
GHSA
GHSA-j482-rx6m-8w32: Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as explo
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2007-0913 [CRITICAL] GHSA-j482-rx6m-8w32: Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as explo
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
GHSA
GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-5296 [CRITICAL] GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi
PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
GHSA
GHSA-rrw4-gpgf-m865: PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3435 [CRITICAL] CWE-94 GHSA-rrw4-gpgf-m865: PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v
PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
GHSA
GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
ghsa_unreviewed·2022-05-01·CVSS 9.3
CVE-2006-3876 [CRITICAL] CWE-94 GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
GHSA
GHSA-q7f2-fp2x-g355: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code v
ghsa_unreviewed·2022-05-01
CVE-2006-4694 [HIGH] CWE-94 GHSA-q7f2-fp2x-g355: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code v
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
VulnCheck
Microsoft Office Improper Control of Generation of Code ('Code Injection')
vulncheck·2006·CVSS 9.3
CVE-2006-4694 [CRITICAL] Microsoft Office Improper Control of Generation of Code ('Code Injection')
Microsoft Office Improper Control of Generation of Code ('Code Injection')
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
Affected: Microsoft Office
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://secunia.com/advisories/22127http://securitytracker.com/id?1016937http://vil.nai.com/vil/content/v_140666.htmhttp://www.avertlabs.com/research/blog/?p=95http://www.kb.cert.org/vuls/id/231204http://www.microsoft.com/technet/security/advisory/925984.mspxhttp://www.osvdb.org/29259http://www.securityfocus.com/archive/1/447831/100/0/threadedhttp://www.securityfocus.com/archive/1/449179/100/0/threadedhttp://www.securityfocus.com/bid/20226http://www.us-cert.gov/cas/techalerts/TA06-283A.htmlhttp://www.vupen.com/english/advisories/2006/3794https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058https://exchange.xforce.ibmcloud.com/vulnerabilities/29225https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A269http://secunia.com/advisories/22127http://securitytracker.com/id?1016937http://vil.nai.com/vil/content/v_140666.htmhttp://www.avertlabs.com/research/blog/?p=95http://www.kb.cert.org/vuls/id/231204http://www.microsoft.com/technet/security/advisory/925984.mspxhttp://www.osvdb.org/29259http://www.securityfocus.com/archive/1/447831/100/0/threadedhttp://www.securityfocus.com/archive/1/449179/100/0/threadedhttp://www.securityfocus.com/bid/20226http://www.us-cert.gov/cas/techalerts/TA06-283A.htmlhttp://www.vupen.com/english/advisories/2006/3794https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058https://exchange.xforce.ibmcloud.com/vulnerabilities/29225https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A269
2006-09-27
Published
Exploited in the wild