CyberSec.Space Logo
Back to CVE Browser

CVE-2006-3435

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1270%
EPSS Percentile31.09th
PublishedOct 10, 2006
Last ModifiedApr 23, 2026

Vulnerability Description

PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.

Affected Platforms (CPE)

πŸ“¦
Microsoft

Office

= 2000
πŸ“¦
Microsoft

Office

= 2000
πŸ“¦
Microsoft

Office

= 2000
πŸ“¦
Microsoft

Office

= 2000
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2003
πŸ“¦
Microsoft

Office

= 2004
πŸ“¦
Microsoft

Office

= v.x
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office

= xp
πŸ“¦
Microsoft

Office

= xp

References & Advisories

πŸ”— http://securitytracker.com/id?1017030
πŸ”— http://www.kb.cert.org/vuls/id/187028
πŸ”— http://www.osvdb.org/29446
πŸ”— http://www.securityfocus.com/archive/1/448149/100/0/threaded
πŸ”— http://www.securityfocus.com/archive/1/449179/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/20304
πŸ”— http://www.vupen.com/english/advisories/2006/3977
πŸ”— http://www.zerodayinitiative.com/advisories/ZDI-06-032.html

Related Vulnerabilities

CVE-2001-122310.0

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers...

CVE-2001-126010.0

Avaya Argent Office uses weak encryption (trivial encoding) for passwords, which allows remote attackers to gain administrator pri...

CVE-2000-085410.0

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.d...

CVE-2007-111710.0

Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspeci...