Microsoft PowerPoint恶意PPT文件任意指令执行漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194148 漏洞类型 Unknown
发布时间 2006-07-30 更新时间 2006-11-30
CVE编号 CVE-2006-3656 CNNVD-ID CNNVD-200607-228
漏洞平台 N/A CVSS评分 2.6
|漏洞来源
https://www.securityfocus.com/bid/19229
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-228
|漏洞详情
MicrosoftPowerPoint是非常流行的文稿演示工具。MicrosoftPowerPoint2003存在未明漏洞。如果用户受骗打开了精心构造的只读属性的恶意PPT文件,则在关闭该文件时就可能执行任意指令。
|受影响的产品
Microsoft PowerPoint 2003 French Edition SP2 Microsoft PowerPoint 2003 SP2 + Microsoft Office 2003 SP2 Microsoft PowerPoint 2003 SP1 +
|参考资料

来源:XF
名称:powerpoint-mso-code-execution2(27781)
链接:http://xforce.iss.net/xforce/xfdb/27781
来源:BID
名称:19229
链接:http://www.securityfocus.com/bid/19229
来源:BID
名称:18993
链接:http://www.securityfocus.com/bid/18993
来源:BUGTRAQ
名称:20060715MSPowerPointMultipleVulnerabilities-(memorycorruption)POC
链接:http://www.securityfocus.com/archive/1/archive/1/440108/100/0/threaded
来源:VUPEN
名称:ADV-2006-2815
链接:http://www.frsirt.com/english/advisories/2006/2815
来源:SECUNIA
名称:21061
链接:http://secunia.com/advisories/21061
来源:MISC
链接:http://packetstormsecurity.org/0607-exploits/mspp-poc3.txt
来源:MISC
链接:http://downloads.securityfocus.com/vulnerabilities/exploits/PP2003sp2patched_fr_exploit-method.txt
来源:XF
名称:powerpoint-unspecified-memory-corruption(27782)
链接:http://xforce.iss.net/xforce/xfdb/27782
来源:BUGTRAQ
名称:20060717NewCVEidentifiersforseparatePowerPoint0-dayissuesassigned
链接:http://www.securityfocus.com/archive/1/archive/1/440867/100/0/threaded
来源:BUGTRAQ
名称:20060718AboutthelatestthreePowerpointvulnerabilities