CVE-2006-5296 - OpenCVE

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Powerpoint

Configuration 1 [-]

cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*

References

Link	Resource
http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx
http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx
http://research.eeye.com/html/alerts/zeroday/20061012_2.html
http://secunia.com/advisories/22394	Vendor Advisory
http://securitytracker.com/id?1017059
http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553
http://www.osvdb.org/29720
http://www.securityfocus.com/bid/20495	Exploit
http://www.vupen.com/english/advisories/2006/4031
https://exchange.xforce.ibmcloud.com/vulnerabilities/29507
https://www.exploit-db.com/exploits/2523

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-16T19:00:00

Updated: 2017-10-18T16:57:01

Reserved: 2006-10-16T00:00:00

Link: CVE-2006-5296

JSON object: View

NVD Information

Status : Modified

Published: 2006-10-16T19:07:00.000

Modified: 2017-10-19T01:29:32.643

Link: CVE-2006-5296

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4031", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"name": "1017059", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017059"}, {"tags": ["x_refsource_MISC"], "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"tags": ["x_refsource_MISC"], "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"name": "29720", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29720"}, {"name": "22394", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22394"}, {"name": "2523", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2523"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "powerpoint-presentation-bo(29507)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"name": "20495", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20495"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5296", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4031", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"name": "1017059", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017059"}, {"name": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553", "refsource": "MISC", "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"name": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html", "refsource": "MISC", "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"name": "29720", "refsource": "OSVDB", "url": "http://www.osvdb.org/29720"}, {"name": "22394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22394"}, {"name": "2523", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2523"}, {"name": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx", "refsource": "CONFIRM", "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "powerpoint-presentation-bo(29507)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"name": "20495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20495"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5296", "datePublished": "2006-10-16T19:00:00", "dateReserved": "2006-10-16T00:00:00", "dateUpdated": "2017-10-18T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*", "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous."}, {"lang": "es", "value": "PowerPoint en Microsoft Office 2003 no maneja adecuadamente un objeto contenedor cuyo valor de posici\u00f3n excede la longitud del registro, lo cual permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (referencia NULL y ca\u00edda de aplicaci\u00f3n) mediante un archivo PowerPoint (.PPT) manipulado, como ha demostrado Nanika.ppt. Es una vulnerabilidad diferente de CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, y CVE-2006-4694. NOTA: el impacto de este problema fue originalmente clasificado como ejecuci\u00f3n de c\u00f3digo arbitrario, pero un an\u00e1lisis posterior ha demostrado que esta afirmaci\u00f3n era err\u00f3nea."}], "id": "CVE-2006-5296", "lastModified": "2017-10-19T01:29:32.643", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-16T19:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"source": "cve@mitre.org", "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22394"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017059"}, {"source": "cve@mitre.org", "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29720"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20495"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2523"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}