CVE-2006-4274 - ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execut

CVE-2006-4274

Summary

** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.

References

Vulnerable Configurations

CVSS

Base:	5.0
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

refmap via4

bugtraq	20060820 New PowerPoint 0-day and Trojan - FAQ document ready 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue 20060823 New malware names and updates to PowerPoint FAQ document
fulldisc	20060822 Major updates in PowerPoint FAQ document - not a 0-day issue
misc	http://blogs.securiteam.com/?p=557 http://blogs.securiteam.com/?p=559 http://isc.sans.org/diary.php?storyid=1618 http://www.darkreading.com/document.asp?doc_id=101970
sectrack	1016720

Last major update

10-09-2008 - 20:27

Published

21-08-2006 - 22:04

Last modified

10-09-2008 - 20:27