Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-442
Vulnerability from certfr_avis
Plusieurs vulnérabilités découvertes dans Microsoft Office permettent à un utilisateur mal intentionné d'exćuter du code arbitraire à distance.
Description
De multiples vulnérabilités causées par une erreur dans le traitement des fichiers Microsoft Office permettent à un utilisateur mal intentionné d'exécuter du code arbitraire à distance au moyen de documents Microsoft Office spécialement construits.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
- Microsoft Office 2000 Service Pack 3 :
- Microsoft Access 2000 ;
- Microsoft Excel 2000 ;
- Microsoft Frontpage 2000 ;
- Microsoft Outlook 2000 ;
- Microsoft PowerPoint 2000 ;
- Microsoft Publisher 2000 ;
- Microsoft Word 2000.
- Microsoft Office XP Service Pack 3 :
- Microsoft Access 2002 ;
- Microsoft Excel 2002 ;
- Microsoft Frontpage 2002 ;
- Microsoft Outlook 2002 ;
- Microsoft PowerPoint 2002 ;
- Microsoft Publisher 2002 ;
- Microsoft Visio 2002 ;
- Microsoft Word 2002.
- Microsoft Office 2003 Service Pack 1 et Service Pack 2 :
- Microsoft Access 2003 ;
- Microsoft Excel 2003 ;
- Microsoft Excel 2003 Viewer ;
- Microsoft Frontpage 2003 ;
- Microsoft InfoPath 2003 ;
- Microsoft OneNote 2003 ;
- Microsoft Outlook 2003 ;
- Microsoft PowerPoint 2003 ;
- Microsoft Project 2003 ;
- Microsoft Publisher 2003 ;
- Microsoft Visio 2003 ;
- Microsoft Word 2003 ;
- Microsoft Word 2003 Viewer.
- Microsoft Project 2000 Service Release 1 ;
- Microsoft Project 2002 Service Pack 1 ;
- Microsoft Visio 2002 Service Pack 2 ;
- Microsoft Office 2004 pour Mac ;
- Microsoft Office v.X pour Mac.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cOL\u003e \u003cLI\u003eMicrosoft Office 2000 Service Pack 3 : \u003cUL\u003e \u003cLI\u003eMicrosoft Access 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Excel 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Frontpage 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Outlook 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft PowerPoint 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Publisher 2000 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Word 2000.\u003c/LI\u003e \u003c/UL\u003e \u003c/LI\u003e \u003cLI\u003eMicrosoft Office XP Service Pack 3 : \u003cUL\u003e \u003cLI\u003eMicrosoft Access 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Excel 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Frontpage 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Outlook 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft PowerPoint 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Publisher 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Visio 2002 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Word 2002.\u003c/LI\u003e \u003c/UL\u003e \u003c/LI\u003e \u003cLI\u003eMicrosoft Office 2003 Service Pack 1 et Service Pack 2 : \u003cUL\u003e \u003cLI\u003eMicrosoft Access 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Excel 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Excel 2003 Viewer ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Frontpage 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft InfoPath 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft OneNote 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Outlook 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft PowerPoint 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Project 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Publisher 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Visio 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Word 2003 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Word 2003 Viewer.\u003c/LI\u003e \u003c/UL\u003e \u003c/LI\u003e \u003cLI\u003eMicrosoft Project 2000 Service Release 1 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Project 2002 Service Pack 1 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Visio 2002 Service Pack 2 ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Office 2004 pour Mac ;\u003c/LI\u003e \u003cLI\u003eMicrosoft Office v.X pour Mac.\u003c/LI\u003e \u003c/OL\u003e",
"content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s caus\u00e9es par une erreur dans le traitement\ndes fichiers Microsoft Office permettent \u00e0 un utilisateur mal\nintentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance au moyen de\ndocuments Microsoft Office sp\u00e9cialement construits.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-3868",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3868"
},
{
"name": "CVE-2006-3434",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3434"
},
{
"name": "CVE-2006-3650",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3650"
},
{
"name": "CVE-2006-3864",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3864"
}
],
"initial_release_date": "2006-10-11T00:00:00",
"last_revision_date": "2006-10-11T00:00:00",
"links": [],
"reference": "CERTA-2006-AVI-442",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-10-11T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Microsoft Office permettent \u00e0\nun utilisateur mal intentionn\u00e9 d\u0027ex\u0107uter du code arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Office",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-062 du 10 octobre 2006",
"url": "http://www.microsoft.com/technet/security/Bulletin/MS06-062.mspx"
}
]
}
CVE-2006-3864 (GCVE-0-2006-3864)
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.238Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oval:org.mitre.oval:def:632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "29429",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29429"
},
{
"name": "VU#176556",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/176556"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secway.org/advisory/AD20061010.txt"
},
{
"name": "20384",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20384"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22339"
},
{
"name": "922581",
"tags": [
"vendor-advisory",
"x_refsource_MSKB",
"x_transferred"
],
"url": "http://support.microsoft.com/kb/922581"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "oval:org.mitre.oval:def:632",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "29429",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29429"
},
{
"name": "VU#176556",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/176556"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secway.org/advisory/AD20061010.txt"
},
{
"name": "20384",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20384"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22339"
},
{
"name": "922581",
"tags": [
"vendor-advisory",
"x_refsource_MSKB"
],
"url": "http://support.microsoft.com/kb/922581"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an \"array boundary condition\" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:632",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "29429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29429"
},
{
"name": "VU#176556",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/176556"
},
{
"name": "http://secway.org/advisory/AD20061010.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20061010.txt"
},
{
"name": "20384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20384"
},
{
"name": "MS06-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20061011 Microsoft Office Malformed Record Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448268/100/0/threaded"
},
{
"name": "22339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22339"
},
{
"name": "922581",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/922581"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3864",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.238Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3434 (GCVE-0-2006-3434)
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:33.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#234900",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/234900"
},
{
"name": "oval:org.mitre.oval:def:389",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20382",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20382"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#234900",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/234900"
},
{
"name": "oval:org.mitre.oval:def:389",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20382",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20382"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22339"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#234900",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/234900"
},
{
"name": "oval:org.mitre.oval:def:389",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A389"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "20382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20382"
},
{
"name": "22339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22339"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3434",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-07T00:00:00",
"dateUpdated": "2024-08-07T18:30:33.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3650 (GCVE-0-2006-3650)
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:39:53.922Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20383",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20383"
},
{
"name": "20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"
},
{
"name": "29428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29428"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:222",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"
},
{
"name": "VU#534276",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/534276"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22339"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20383",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20383"
},
{
"name": "20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"
},
{
"name": "29428",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29428"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:222",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"
},
{
"name": "VU#534276",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/534276"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22339"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20383",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20383"
},
{
"name": "20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"
},
{
"name": "29428",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29428"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"
},
{
"name": "MS06-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:222",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"
},
{
"name": "VU#534276",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/534276"
},
{
"name": "22339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22339"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3650",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-17T00:00:00",
"dateUpdated": "2024-08-07T18:39:53.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3868 (GCVE-0-2006-3868)
Vulnerability from cvelistv5
Published
2006-10-10 22:00
Modified
2024-08-07 18:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:48:39.423Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "29430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/29430"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "VU#807780",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/807780"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22339"
},
{
"name": "20320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20320"
},
{
"name": "oval:org.mitre.oval:def:740",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A740"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "29430",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/29430"
},
{
"name": "SSRT061264",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "VU#807780",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/807780"
},
{
"name": "HPSBST02161",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "22339",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22339"
},
{
"name": "20320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20320"
},
{
"name": "oval:org.mitre.oval:def:740",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A740"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-3868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "29430",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/29430"
},
{
"name": "SSRT061264",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "ADV-2006-3981",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3981"
},
{
"name": "MS06-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"
},
{
"name": "1017034",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017034"
},
{
"name": "VU#807780",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/807780"
},
{
"name": "HPSBST02161",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
},
{
"name": "22339",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22339"
},
{
"name": "20320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20320"
},
{
"name": "oval:org.mitre.oval:def:740",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A740"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-3868",
"datePublished": "2006-10-10T22:00:00",
"dateReserved": "2006-07-26T00:00:00",
"dateUpdated": "2024-08-07T18:48:39.423Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…