Vulnerability-Lookup

CVE-2006-3876 (GCVE-0-2006-3876)

Vulnerability from cvelistv5 – Published: 2006-10-11 01:00 – Updated: 2024-08-07 18:48

Summary

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.

Severity ?

No CVSS data available.

CWE

Assigner

microsoft

References

URL

Tags

	http://www.securityfocus.com/archive/1/449179/100…	vendor-advisoryx_refsource_HP
	http://www.kb.cert.org/vuls/id/938196	third-party-advisoryx_refsource_CERT-VN
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.securityfocus.com/bid/20322	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/449179/100…	vendor-advisoryx_refsource_HP
	http://www.vupen.com/english/advisories/2006/3977	vdb-entryx_refsource_VUPEN
	http://www.osvdb.org/29447	vdb-entryx_refsource_OSVDB
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	http://securitytracker.com/id?1017030	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.238Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SSRT061264",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "VU#938196",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/938196"
          },
          {
            "name": "oval:org.mitre.oval:def:453",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
          },
          {
            "name": "20322",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20322"
          },
          {
            "name": "HPSBST02161",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "ADV-2006-3977",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3977"
          },
          {
            "name": "29447",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29447"
          },
          {
            "name": "MS06-058",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
          },
          {
            "name": "1017030",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017030"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-10T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T00:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "SSRT061264",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "VU#938196",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/938196"
        },
        {
          "name": "oval:org.mitre.oval:def:453",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
        },
        {
          "name": "20322",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20322"
        },
        {
          "name": "HPSBST02161",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
        },
        {
          "name": "ADV-2006-3977",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3977"
        },
        {
          "name": "29447",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29447"
        },
        {
          "name": "MS06-058",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
        },
        {
          "name": "1017030",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017030"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3876",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SSRT061264",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "VU#938196",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/938196"
            },
            {
              "name": "oval:org.mitre.oval:def:453",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
            },
            {
              "name": "20322",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20322"
            },
            {
              "name": "HPSBST02161",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            },
            {
              "name": "ADV-2006-3977",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3977"
            },
            {
              "name": "29447",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29447"
            },
            {
              "name": "MS06-058",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
            },
            {
              "name": "1017030",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017030"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2006-3876",
    "datePublished": "2006-10-11T01:00:00.000Z",
    "dateReserved": "2006-07-26T04:00:00.000Z",
    "dateUpdated": "2024-08-07T18:48:39.238Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2006-3876

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3876

Aliases

CVE-2006-3876

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3876",
    "description": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.",
    "id": "GSD-2006-3876"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3876"
      ],
      "details": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.",
      "id": "GSD-2006-3876",
      "modified": "2023-12-13T01:19:57.178127Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2006-3876",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "SSRT061264",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "VU#938196",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/938196"
          },
          {
            "name": "oval:org.mitre.oval:def:453",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
          },
          {
            "name": "20322",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/20322"
          },
          {
            "name": "HPSBST02161",
            "refsource": "HP",
            "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
          },
          {
            "name": "ADV-2006-3977",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3977"
          },
          {
            "name": "29447",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/29447"
          },
          {
            "name": "MS06-058",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
          },
          {
            "name": "1017030",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017030"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2001:sr1:*:*:*:mac_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:mac_os:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2006-3876"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#938196",
              "refsource": "CERT-VN",
              "tags": [
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/938196"
            },
            {
              "name": "1017030",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://securitytracker.com/id?1017030"
            },
            {
              "name": "29447",
              "refsource": "OSVDB",
              "tags": [
                "Broken Link"
              ],
              "url": "http://www.osvdb.org/29447"
            },
            {
              "name": "20322",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/20322"
            },
            {
              "name": "ADV-2006-3977",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3977"
            },
            {
              "name": "oval:org.mitre.oval:def:453",
              "refsource": "OVAL",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
            },
            {
              "name": "MS06-058",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
            },
            {
              "name": "SSRT061264",
              "refsource": "HP",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-30T16:25Z",
      "publishedDate": "2006-10-10T21:07Z"
    }
  }
}

GHSA-4842-R7QR-QMJQ

Vulnerability from github – Published: 2022-05-01 07:13 – Updated: 2022-05-01 07:13

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3876"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-94"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-10-10T21:07:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.",
  "id": "GHSA-4842-r7qr-qmjq",
  "modified": "2022-05-01T07:13:18Z",
  "published": "2022-05-01T07:13:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3876"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017030"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/938196"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/29447"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/20322"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3977"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-438

Vulnerability from certfr_avis - Published: 2006-10-11 - Updated: 2006-10-11

Plusieurs vulnérabilités ont été identifiées dans l'application Microsoft Powerpoint, fournie dans la suite bureautique Microsoft Office pour manipuler des documents de présentations.

Une personne malveillante pourrait exploiter l'une d'elles en construisant un document Powerpoint particulier. Lorsque celui-ci est ouvert sur une machine ayant une version de Powerpoint vulnérable, il exécuterait du code arbitraire, et permettrait donc de prendre le contrôle de la machine.

Description

Plusieurs vulnérabilités ont été identifiées dans l'application Microsoft Powerpoint, fournie dans la suite bureautique Microsoft Office pour manipuler des documents de présentations. Parmi celles-ci :

Powerpoint ne manipulerait pas correctement les documents Powerpoint contenant un pointeur d'objet incorrect.
Powerpoint ne gérerait pas de manière convenable les enregistrements de données de certains documents Powerpoint.
un script Visual Basic (VB) utilisant la fonction SlideShowWindows.View.GotoNamedShow() et inséré dans un document de présentation perturberait Powerpoint.

Une personne malveillante pourrait exploiter l'une de ces vulnérabilités en construisant un document Powerpoint particulier. Lorsque celui-ci est ouvert sur une machine ayant une version de Powerpoint vulnérable, il exécuterait du code arbitraire, et permettrait donc de prendre le contrôle de la machine.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Microsoft Powerpoint 2000 dans la suite bureautique Microsoft Office 2000 Service Pack 3;
Microsoft Powerpoint 2002 dans la suite bureautique Microsoft Office XP Service Pack 3 ;
Microsoft Powerpoint 2003 dans la suite bureautique Microsoft Office 2003 Service Pack 1 ou 2 ;
Microsoft Powerpoint 2004 dans la suite bureautique Microsoft Office 2004 pour Mac ;
Microsoft Powerpoint v.X dans la suite bureautique Microsoft Office v.X pour Mac.

La visionneuse Microsoft Powerpoint 2003 (Viewer) ne serait pas affectée par ces vulnérabilités.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2006-3876

Vulnerability from fkie_nvd - Published: 2006-10-10 21:07 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
secure@microsoft.com	http://securitytracker.com/id?1017030	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.kb.cert.org/vuls/id/938196	Third Party Advisory, US Government Resource
secure@microsoft.com	http://www.osvdb.org/29447	Broken Link
secure@microsoft.com	http://www.securityfocus.com/archive/1/449179/100/0/threaded
secure@microsoft.com	http://www.securityfocus.com/bid/20322	Third Party Advisory, VDB Entry
secure@microsoft.com	http://www.vupen.com/english/advisories/2006/3977	Vendor Advisory
secure@microsoft.com	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
secure@microsoft.com	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017030	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/938196	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/29447	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/449179/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/20322	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3977	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453	Third Party Advisory

Impacted products

Vendor	Product	Version
microsoft	office	2000
microsoft	office	2000
microsoft	office	2000
microsoft	office	2000
microsoft	office	2000
microsoft	office	2000
microsoft	office	2000
microsoft	office	2001
microsoft	office	2001
microsoft	office	2001
microsoft	office	2003
microsoft	office	2003
microsoft	office	2003
microsoft	office	2003
microsoft	office	2004

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*",
              "matchCriteriaId": "757EC6C1-F5E2-45CD-9F7F-7760ECEDC842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*",
              "matchCriteriaId": "59B1B68C-86F1-4FA4-9F82-3E8761ED1E74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*",
              "matchCriteriaId": "716DDA05-D094-4837-852C-0511CDDD5ABC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "3C54DDAF-8D7F-4A7D-9186-6048D4C850B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "67388076-420D-4327-A436-329177EA6F42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:*:*:*",
              "matchCriteriaId": "64B3099E-DFA0-4C7E-B016-370028BF8387",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:mac_os:*:*",
              "matchCriteriaId": "43AE142C-E7AD-418E-BA9B-887285EE9620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2001:sr1:*:*:*:mac_os:*:*",
              "matchCriteriaId": "23E6544C-3695-45E6-A8AD-2F3A3B574915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os:*:*",
              "matchCriteriaId": "C548E35A-C9DF-4784-824A-EEBB693CD388",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en PowerPoint en Microsoft Office 2000, Office 2002, Office 2003, Office 2004 para Mac, y Office v.X para Mac permite a atacantes con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un registro Data artesanal en un fichero PPT, una vulnerabilidad diferente que CVE-2006-3435 y CVE-2006-4694."
    }
  ],
  "id": "CVE-2006-3876",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-10-10T21:07:00.000",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017030"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/938196"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/29447"
    },
    {
      "source": "secure@microsoft.com",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/20322"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3977"
    },
    {
      "source": "secure@microsoft.com",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://securitytracker.com/id?1017030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/938196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/29447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/20322"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-058"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A453"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3876 (GCVE-0-2006-3876)

GSD-2006-3876

GHSA-4842-R7QR-QMJQ

CERTA-2006-AVI-438

Description

Solution

FKIE_CVE-2006-3876

Tags

Sightings

Nomenclature