Executive Summary

Informations
Name CVE-2006-0009 First vendor Publication 2006-03-14
Vendor Cve Last vendor Modification 2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Cvss Base Score 5.1 Attack Range Network
Cvss Impact Score 6.4 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0009

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1504
 
Oval ID: oval:org.mitre.oval:def:1504
Title: Excel 2003 Remote Code Execution via Malformed Routing Slip
Description: Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0009
 Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s): Microsoft Office
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1553
 
Oval ID: oval:org.mitre.oval:def:1553
Title: Office 2000 Remote Code Execution via Malformed Routing Slip
Description: Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0009
 Version: 4
Platform(s): Microsoft Windows 2000
 Product(s): Microsoft Office
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1653
 
Oval ID: oval:org.mitre.oval:def:1653
Title: Excel Viewer 2003 Remote Code Execution via Malformed Routing Slip
Description: Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0009
 Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s): Microsoft Office
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:798
 
Oval ID: oval:org.mitre.oval:def:798
Title: Office XP Remote Code Execution via Malformed Routing Slip
Description: Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
Family: windows Class: vulnerability
Reference(s): CVE-2006-0009
 Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
 Product(s): Microsoft Office
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 6
Application 7

ExploitDB Exploits

id Description
2005-12-19 Microsoft Excel 95/97/2000/2002/2003/2004 Unspecified Memory Corruption Vulne...

Open Source Vulnerability Database (OSVDB)

Id Description
23903 Microsoft Office Crafted Routing Slip Arbitrary Code Execution

A remote overflow exists in Microsoft Office 2000, Office XP (2002), and Office 2003. The Microsoft Word, Excel, PowerPoint, and Outlook applications fail to parse the routing slip metadata resulting in a buffer overflow. With a specially crafted document, an attacker can cause arbitrary code execution when a user closes a malicious document resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2014-11-16 Microsoft Office Excel malformed file format parsing code execution attempt
RuleID : 32083 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel malformed graphic record code execution attempt
RuleID : 23150 - Revision : 6 - Type : FILE-OFFICE
2014-01-10 Microsoft Office malformed routing slip code execution attempt
RuleID : 17284 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel malformed file format parsing code execution attempt
RuleID : 16059 - Revision : 17 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2006-03-14 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms06-012.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH
Source Url
BID http://www.securityfocus.com/bid/17000
http://www.securityfocus.com/bid/20059
BUGTRAQ http://www.securityfocus.com/archive/1/427671/100/0/threaded
http://www.securityfocus.com/archive/1/432004/30/5340/threaded
http://www.securityfocus.com/archive/1/443890/100/0/threaded
http://www.securityfocus.com/archive/1/444051/100/200/threaded
http://www.securityfocus.com/archive/1/446370/100/0/threaded
http://www.securityfocus.com/archive/1/446425/100/0/threaded
CERT http://www.us-cert.gov/cas/techalerts/TA06-073A.html
CERT-VN http://www.kb.cert.org/vuls/id/682820
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
FULLDISC http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html
MISC http://blogs.securiteam.com/?author=28
http://blogs.securiteam.com/?p=557
http://blogs.securiteam.com/?p=559
http://isc.sans.org/diary.php?storyid=1618
http://www.darkreading.com/document.asp?doc_id=101970
http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
MS https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06...
OSVDB http://www.osvdb.org/23903
OVAL https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.ova...
SECTRACK http://securitytracker.com/id?1015766
http://securitytracker.com/id?1016720
http://securitytracker.com/id?1016886
SECUNIA http://secunia.com/advisories/19138
http://secunia.com/advisories/19238
VUPEN http://www.vupen.com/english/advisories/2006/0950
http://www.vupen.com/english/advisories/2006/3678
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/25009
https://exchange.xforce.ibmcloud.com/vulnerabilities/29009

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2023-11-07 21:48:05
  • Multiple Updates
2021-05-04 12:03:35
  • Multiple Updates
2021-04-22 01:04:03
  • Multiple Updates
2020-05-23 00:17:17
  • Multiple Updates
2018-10-19 21:19:43
  • Multiple Updates
2018-10-13 00:22:32
  • Multiple Updates
2017-10-11 09:23:36
  • Multiple Updates
2017-07-11 12:02:08
  • Multiple Updates
2016-06-28 15:33:08
  • Multiple Updates
2016-04-26 14:10:42
  • Multiple Updates
2014-02-17 10:34:12
  • Multiple Updates
2014-01-19 21:23:02
  • Multiple Updates
2013-05-11 10:46:00
  • Multiple Updates