ID CVE-2006-0009
Summary Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*
    cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*
  • cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2001:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2004:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2005:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:works:2006:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 19-10-2018 - 15:41)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2014-02-03T04:00:36.473-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Excel 2003 is installed
    oval oval:org.mitre.oval:def:764
    description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
    family windows
    id oval:org.mitre.oval:def:1504
    status accepted
    submitted 2006-03-15T10:53:00.000-04:00
    title Excel 2003 Remote Code Execution via Malformed Routing Slip
    version 8
  • accepted 2012-05-28T04:01:11.871-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Shane Shaffer
      organization G2, Inc.
    definition_extensions
    comment Microsoft Office 2000 is installed
    oval oval:org.mitre.oval:def:93
    description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
    family windows
    id oval:org.mitre.oval:def:1553
    status accepted
    submitted 2006-03-15T10:53:00.000-04:00
    title Office 2000 Remote Code Execution via Malformed Routing Slip
    version 5
  • accepted 2014-02-03T04:00:43.789-05:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Maria Kedovskaya
      organization ALTX-SOFT
    definition_extensions
    comment Microsoft Excel Viewer 2003 is installed
    oval oval:org.mitre.oval:def:439
    description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
    family windows
    id oval:org.mitre.oval:def:1653
    status accepted
    submitted 2006-03-15T10:53:00.000-04:00
    title Excel Viewer 2003 Remote Code Execution via Malformed Routing Slip
    version 9
  • accepted 2012-05-28T04:02:39.419-04:00
    class vulnerability
    contributors
    • name Robert L. Hollis
      organization ThreatGuard, Inc.
    • name Matthew Wojcik
      organization The MITRE Corporation
    • name Jonathan Baker
      organization The MITRE Corporation
    • name Shane Shaffer
      organization G2, Inc.
    • name Dragos Prisaca
      organization Symantec Corporation
    • name Shane Shaffer
      organization G2, Inc.
    description Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
    family windows
    id oval:org.mitre.oval:def:798
    status accepted
    submitted 2006-03-15T10:53:00.000-04:00
    title Office XP Remote Code Execution via Malformed Routing Slip
    version 11
refmap via4
bid
  • 17000
  • 20059
bugtraq
  • 20060314 SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata
  • 20060422 PowerPoint Phishing Trojan
  • 20060819 New PowerPoint 0-day and Trojan - FAQ document ready
  • 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue
  • 20060919 Microsoft PowerPoint 0-day Vulnerability FAQ - September written
  • 20060919 New PowerPoint 0-day Trojan in the wild
cert TA06-073A
cert-vn VU#682820
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
fulldisc
  • 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue
  • 20060919 New PowerPoint 0-day Trojan in the wild
misc
osvdb 23903
sectrack
  • 1015766
  • 1016720
  • 1016886
secunia
  • 19138
  • 19238
vupen
  • ADV-2006-0950
  • ADV-2006-3678
xf
  • office-routing-slip-bo(25009)
  • powerpoint-presentation-code-execution(29009)
Last major update 19-10-2018 - 15:41
Published 14-03-2006 - 23:02
Last modified 19-10-2018 - 15:41
Back to Top