CVE-2006-3590
MEDIUM severity · CVSS 5.1
5.1CVSS MEDIUM
Summary
mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)14%
AV:N/AC:H/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://secunia.com/advisories/21040Advisory
- http://blogs.securiteam.com/?p=508
- http://isc.sans.org/diary.php?storyid=1484
- http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html
- http://securitytracker.com/id?1016496
- http://www.kb.cert.org/vuls/id/936945
- http://www.osvdb.org/27324
- http://www.securityfocus.com/archive/1/440137/100/0/threaded