CVE-2006-4694 — Code Injection in Microsoft Access

CWE-94 — Code Injection13 documents3 sources

Severity

9.3CRITICALNVD

NVD4.3

EPSS

46.5%

top 2.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Access Microsoft Excel Microsoft Excel Viewer +11 more

Timeline

PublishedSep 27

Latest updateMay 1

Description

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages14 packages

▶NVDmicrosoft/office6 versions+5

▶NVDmicrosoft/onenote2003

▶NVDmicrosoft/powerpoint4 versions+3

▶NVDmicrosoft/word_viewer2003

▶NVDmicrosoft/excel_viewer2003

🔴Vulnerability Details

GHSA

GHSA-j86v-2r4w-rjjr: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v↗2022-05-01

▶

GHSA

GHSA-j482-rx6m-8w32: Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as explo↗2022-05-01

▶

GHSA

GHSA-4qf8-jx39-2cv9: PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assi↗2022-05-01

▶

GHSA

GHSA-rrw4-gpgf-m865: PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v↗2022-05-01

▶

GHSA

GHSA-4842-r7qr-qmjq: Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v↗2022-05-01

▶