CVE-2006-3590 - Vulnerability Details - OpenCVE

mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Powerpoint

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:powerpoint:2000:::::::*
	cpe:2.3:a:microsoft:powerpoint:2002:::::::*
	cpe:2.3:a:microsoft:powerpoint:2003:::::::*
	cpe:2.3:a:microsoft:powerpoint:2003:sp1::::::
	cpe:2.3:a:microsoft:powerpoint:2003:sp2::::::

No data.

References

Link	Providers
http://blogs.securiteam.com/?p=508
http://isc.sans.org/diary.php?storyid=1484
http://secunia.com/advisories/21040
http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html
http://securitytracker.com/id?1016496
http://www.kb.cert.org/vuls/id/936945
http://www.osvdb.org/27324
http://www.securityfocus.com/archive/1/440137/100/0/threaded
http://www.securityfocus.com/archive/1/440255/100/0/threaded
http://www.securityfocus.com/archive/1/440532/100/0/threaded
http://www.securityfocus.com/bid/18957
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
http://www.vupen.com/english/advisories/2006/2795
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048
https://exchange.xforce.ibmcloud.com/vulnerabilities/27740
https://exchange.xforce.ibmcloud.com/vulnerabilities/27781
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-14T18:00:00

Updated: 2024-08-07T18:30:34.516Z

Reserved: 2006-07-14T00:00:00

Link: CVE-2006-3590

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-07-14T18:05:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3590

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-13T00:00:00", "descriptions": [{"lang": "en", "value": "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MS06-048", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"}, {"name": "21040", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21040"}, {"tags": ["x_refsource_MISC"], "url": "http://isc.sans.org/diary.php?storyid=1484"}, {"tags": ["x_refsource_MISC"], "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.securiteam.com/?p=508"}, {"name": "20060718 New PowerPoint Trojan installs itself as LSP", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"}, {"name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"}, {"name": "powerpoint-mso-code-execution2(27781)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"}, {"name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"}, {"name": "TA06-220A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "ADV-2006-2795", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2795"}, {"name": "1016496", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016496"}, {"name": "VU#936945", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/936945"}, {"name": "27324", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27324"}, {"name": "powerpoint-mso-code-execution(27740)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"}, {"name": "18957", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18957"}, {"name": "oval:org.mitre.oval:def:399", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3590", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS06-048", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"}, {"name": "21040", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21040"}, {"name": "http://isc.sans.org/diary.php?storyid=1484", "refsource": "MISC", "url": "http://isc.sans.org/diary.php?storyid=1484"}, {"name": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html", "refsource": "MISC", "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"}, {"name": "http://blogs.securiteam.com/?p=508", "refsource": "MISC", "url": "http://blogs.securiteam.com/?p=508"}, {"name": "20060718 New PowerPoint Trojan installs itself as LSP", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"}, {"name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"}, {"name": "powerpoint-mso-code-execution2(27781)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"}, {"name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"}, {"name": "TA06-220A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "ADV-2006-2795", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2795"}, {"name": "1016496", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016496"}, {"name": "VU#936945", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/936945"}, {"name": "27324", "refsource": "OSVDB", "url": "http://www.osvdb.org/27324"}, {"name": "powerpoint-mso-code-execution(27740)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"}, {"name": "18957", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18957"}, {"name": "oval:org.mitre.oval:def:399", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:34.516Z"}, "title": "CVE Program Container", "references": [{"name": "MS06-048", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"}, {"name": "21040", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21040"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://isc.sans.org/diary.php?storyid=1484"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.securiteam.com/?p=508"}, {"name": "20060718 New PowerPoint Trojan installs itself as LSP", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"}, {"name": "20060716 Several updates in MS PowerPoint 0-day Vulnerability FAQ at SecuriTeam Blogs", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"}, {"name": "powerpoint-mso-code-execution2(27781)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"}, {"name": "20060714 Microsoft PowerPoint 0-day Vulnerability FAQ document written", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"}, {"name": "TA06-220A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"name": "ADV-2006-2795", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2795"}, {"name": "1016496", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016496"}, {"name": "VU#936945", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/936945"}, {"name": "27324", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27324"}, {"name": "powerpoint-mso-code-execution(27740)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"}, {"name": "18957", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/18957"}, {"name": "oval:org.mitre.oval:def:399", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3590", "datePublished": "2006-07-14T18:00:00", "dateReserved": "2006-07-14T00:00:00", "dateUpdated": "2024-08-07T18:30:34.516Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:powerpoint:2000:*:*:*:*:*:*:*", "matchCriteriaId": "3E392539-ABF6-4B5C-AEC3-C54B51E0DB70", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2002:*:*:*:*:*:*:*", "matchCriteriaId": "711D9CC0-31B8-4511-A9F3-CA328A02ED84", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*", "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:sp1:*:*:*:*:*:*", "matchCriteriaId": "8A83E4CC-3182-465A-BE82-619445B23EEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:sp2:*:*:*:*:*:*", "matchCriteriaId": "EACB44AC-9433-4D28-9EC4-1F6857C3A57D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493."}, {"lang": "es", "value": "mso.dll, usado por Microsoft PowerPoint 2000 a 2003, permite a atacantes remotos con la complicidad del usuario ejecutar \u00f3rdenes de su elecci\u00f3n mediante la configuraci\u00f3n de la forma malformado en un fichero PPT , lo que causa una corrupci\u00f3n de memoria, explotado por Trojan.PPDropper.B, un asunto diferente que CVE-2006-1540 y CVE-2006-3493.\r\n"}], "id": "CVE-2006-3590", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-07-14T18:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blogs.securiteam.com/?p=508"}, {"source": "cve@mitre.org", "url": "http://isc.sans.org/diary.php?storyid=1484"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21040"}, {"source": "cve@mitre.org", "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016496"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/936945"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27324"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18957"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2795"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.securiteam.com/?p=508"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://isc.sans.org/diary.php?storyid=1484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21040"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.ppdropper.b.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/936945"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27324"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440137/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440255/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440532/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18957"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA06-220A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/2795"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27740"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A399"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}