[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-0009Date: (C)2006-03-14   (M)2023-12-22


Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1015766
SECTRACK-1016720
SECTRACK-1016886
BID-17000
SECUNIA-19138
SECUNIA-19238
BID-20059
http://www.securityfocus.com/archive/1/427671/100/0/threaded
http://www.securityfocus.com/archive/1/432004/30/5340/threaded
http://www.securityfocus.com/archive/1/443890/100/0/threaded
http://www.securityfocus.com/archive/1/444051/100/200/threaded
http://www.securityfocus.com/archive/1/446425/100/0/threaded
http://www.securityfocus.com/archive/1/446370/100/0/threaded
OSVDB-23903
ADV-2006-0950
ADV-2006-3678
MS06-012
TA06-073A
VU#682820
http://blogs.securiteam.com/?author=28
http://blogs.securiteam.com/?p=557
http://blogs.securiteam.com/?p=559
http://isc.sans.org/diary.php?storyid=1618
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
http://www.darkreading.com/document.asp?doc_id=101970
http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_MDROPPER.BH
office-routing-slip-bo(25009)
oval:org.mitre.oval:def:1504
oval:org.mitre.oval:def:1553
oval:org.mitre.oval:def:1653
oval:org.mitre.oval:def:798
powerpoint-presentation-code-execution(29009)

CPE    12
cpe:/a:microsoft:office:xp:sp3
cpe:/a:microsoft:office:2003:sp1
cpe:/a:microsoft:office:2003:sp2
cpe:/a:microsoft:office:2000:sp3
...
OVAL    4
oval:org.mitre.oval:def:1504
oval:org.mitre.oval:def:798
oval:org.mitre.oval:def:1653
oval:org.mitre.oval:def:1553
...

© SecPod Technologies