Executive Summary

Informations
NameCVE-2006-5296First vendor Publication2006-10-16
VendorCveLast vendor Modification2011-03-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5296

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1

Milw0rm Exploits

idDescription
2006-10-12Microsoft Office 2003 PPT Local Buffer Overflow PoC

Open Source Vulnerability Database (OSVDB)

idDescription
29720Microsoft PowerPoint Unspecified Code Execution

Snort® IPS/IDS

DateDescription
2014-01-10Microsoft Office PowerPoint MCAtom remote code execution attempt
RuleID : 17320 - Revision : 11 - Type : FILE-OFFICE
2014-01-10Microsoft Office PowerPoint MCAtom remote code execution attempt
RuleID : 17319 - Revision : 11 - Type : FILE-OFFICE
2014-01-10Microsoft Office PowerPoint MCAtom remote code execution attempt
RuleID : 17318 - Revision : 11 - Type : FILE-OFFICE

Internal Sources (Detail)

SourceUrl
BIDhttp://www.securityfocus.com/bid/20495
CONFIRMhttp://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-web...
MILW0RMhttp://milw0rm.com/exploits/2523
MISChttp://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-...
http://research.eeye.com/html/alerts/zeroday/20061012_2.html
http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553
OSVDBhttp://www.osvdb.org/29720
SECTRACKhttp://securitytracker.com/id?1017059
SECUNIAhttp://secunia.com/advisories/22394
VUPENhttp://www.vupen.com/english/advisories/2006/4031
XFhttp://xforce.iss.net/xforce/xfdb/29507

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-01-19 21:23:36
  • Multiple Updates
2013-05-11 11:11:31
  • Multiple Updates