{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01.000Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft"}, "references": [{"name": "20383", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20383"}, {"name": "20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"}, {"name": "29428", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29428"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "ADV-2006-3981", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3981"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"}, {"name": "MS06-062", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"}, {"name": "1017034", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017034"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:222", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"}, {"name": "VU#534276", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/534276"}, {"name": "22339", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22339"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@microsoft.com", "ID": "CVE-2006-3650", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20383", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20383"}, {"name": "20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"}, {"name": "29428", "refsource": "OSVDB", "url": "http://www.osvdb.org/29428"}, {"name": "SSRT061264", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "ADV-2006-3981", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3981"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"}, {"name": "MS06-062", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"}, {"name": "1017034", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017034"}, {"name": "HPSBST02161", "refsource": "HP", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:222", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"}, {"name": "VU#534276", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/534276"}, {"name": "22339", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22339"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:39:53.922Z"}, "title": "CVE Program Container", "references": [{"name": "20383", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20383"}, {"name": "20061010 ZDI-06-034: Microsoft Office Word Malformed Chart Code Execution Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"}, {"name": "29428", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29428"}, {"name": "SSRT061264", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "ADV-2006-3981", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3981"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"}, {"name": "MS06-062", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"}, {"name": "1017034", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017034"}, {"name": "HPSBST02161", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"name": "oval:org.mitre.oval:def:222", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"}, {"name": "VU#534276", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/534276"}, {"name": "22339", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22339"}]}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2006-3650", "datePublished": "2006-10-10T22:00:00.000Z", "dateReserved": "2006-07-17T00:00:00.000Z", "dateUpdated": "2024-08-07T18:39:53.922Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:*:*:*:*:*", "matchCriteriaId": "A9A82D13-513C-46FA-AF51-0582233E230A", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ja:*:*:*:*", "matchCriteriaId": "757EC6C1-F5E2-45CD-9F7F-7760ECEDC842", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:ko:*:*:*:*", "matchCriteriaId": "59B1B68C-86F1-4FA4-9F82-3E8761ED1E74", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:*:*:zh:*:*:*:*", "matchCriteriaId": "716DDA05-D094-4837-852C-0511CDDD5ABC", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp1:*:*:*:*:*:*", "matchCriteriaId": "3C54DDAF-8D7F-4A7D-9186-6048D4C850B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp2:*:*:*:*:*:*", "matchCriteriaId": "67388076-420D-4327-A436-329177EA6F42", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*", "matchCriteriaId": "4891122F-AD7F-45E6-98C6-833227916F6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:*:*:*", "matchCriteriaId": "64B3099E-DFA0-4C7E-B016-370028BF8387", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2001:*:*:*:*:mac_os:*:*", "matchCriteriaId": "43AE142C-E7AD-418E-BA9B-887285EE9620", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2001:sr1:*:*:*:mac_os:*:*", "matchCriteriaId": "23E6544C-3695-45E6-A8AD-2F3A3B574915", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2003:*:*:*:*:*:*:*", "matchCriteriaId": "DB7EA4CC-E705-42DB-86B6-E229DA36B66D", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*", "matchCriteriaId": "4EED9D78-AE73-44BA-A1CE-603994E92E89", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*", "matchCriteriaId": "07D3F3E4-93FB-481A-94D9-075E726697C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2003:sp3:*:*:*:*:*:*", "matchCriteriaId": "A332D04D-CC8C-4F68-A261-BA2F2D8EAD1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:2004:*:*:*:*:mac_os:*:*", "matchCriteriaId": "C548E35A-C9DF-4784-824A-EEBB693CD388", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:office:v.x:*:*:*:*:*:*:*", "matchCriteriaId": "310DF9B3-3494-4BD4-8A9D-82211EA6C518", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868."}, {"lang": "es", "value": "Microsoft Office 2000, XP, 2003, 2004 para Mac, y v.X para Mac no analiza adecuadamente la longitud de un registro de un gr\u00e1fico, lo cual permite a atacantes remotos con la intervenci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un documento Word con un registro de gr\u00e1fico mal formado que dispara la sobrescritura de los valores de punteros con valores del documento, una vulnerabilidad diferente que CVE-2006-3434, CVE-2006-3864, y CVE-2006-3868."}], "id": "CVE-2006-3650", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-10T22:07:00.000", "references": [{"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22339"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017034"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/534276"}, {"source": "secure@microsoft.com", "tags": ["Broken Link"], "url": "http://www.osvdb.org/29428"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"}, {"source": "secure@microsoft.com", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20383"}, {"source": "secure@microsoft.com", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3981"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"}, {"source": "secure@microsoft.com", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"}, {"source": "secure@microsoft.com", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22339"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1017034"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/534276"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.osvdb.org/29428"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/448151/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/449179/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/20383"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/3981"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-06-034.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A222"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}