CVE-2006-5296 - Vulnerability Details - OpenCVE

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.6784.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Powerpoint

Configuration 1 [-]

cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx
http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx
http://research.eeye.com/html/alerts/zeroday/20061012_2.html
http://secunia.com/advisories/22394
http://securitytracker.com/id?1017059
http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553
http://www.osvdb.org/29720
http://www.securityfocus.com/bid/20495
http://www.vupen.com/english/advisories/2006/4031
https://exchange.xforce.ibmcloud.com/vulnerabilities/29507
https://www.exploit-db.com/exploits/2523

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-10-16T19:00:00

Updated: 2024-08-07T19:48:29.131Z

Reserved: 2006-10-16T00:00:00

Link: CVE-2006-5296

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-10-16T19:07:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-5296

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-18T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-4031", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"name": "1017059", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1017059"}, {"tags": ["x_refsource_MISC"], "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"tags": ["x_refsource_MISC"], "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"name": "29720", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/29720"}, {"name": "22394", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22394"}, {"name": "2523", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/2523"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"tags": ["x_refsource_MISC"], "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "powerpoint-presentation-bo(29507)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"name": "20495", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/20495"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-5296", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-4031", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"name": "1017059", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1017059"}, {"name": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553", "refsource": "MISC", "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"name": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html", "refsource": "MISC", "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"name": "29720", "refsource": "OSVDB", "url": "http://www.osvdb.org/29720"}, {"name": "22394", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22394"}, {"name": "2523", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/2523"}, {"name": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx", "refsource": "CONFIRM", "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx", "refsource": "MISC", "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "powerpoint-presentation-bo(29507)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"name": "20495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/20495"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:48:29.131Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-4031", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"name": "1017059", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1017059"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"name": "29720", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/29720"}, {"name": "22394", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22394"}, {"name": "2523", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/2523"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"name": "powerpoint-presentation-bo(29507)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"name": "20495", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/20495"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-5296", "datePublished": "2006-10-16T19:00:00", "dateReserved": "2006-10-16T00:00:00", "dateUpdated": "2024-08-07T19:48:29.131Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:powerpoint:2003:*:*:*:*:*:*:*", "matchCriteriaId": "F5611EFD-2C7C-47BA-83E5-947EA00D8E6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous."}, {"lang": "es", "value": "PowerPoint en Microsoft Office 2003 no maneja adecuadamente un objeto contenedor cuyo valor de posici\u00f3n excede la longitud del registro, lo cual permite a usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (referencia NULL y ca\u00edda de aplicaci\u00f3n) mediante un archivo PowerPoint (.PPT) manipulado, como ha demostrado Nanika.ppt. Es una vulnerabilidad diferente de CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, y CVE-2006-4694. NOTA: el impacto de este problema fue originalmente clasificado como ejecuci\u00f3n de c\u00f3digo arbitrario, pero un an\u00e1lisis posterior ha demostrado que esta afirmaci\u00f3n era err\u00f3nea."}], "id": "CVE-2006-5296", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-10-16T19:07:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"source": "cve@mitre.org", "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"source": "cve@mitre.org", "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22394"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1017059"}, {"source": "cve@mitre.org", "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/29720"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20495"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/2523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://research.eeye.com/html/alerts/zeroday/20061012_2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/22394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1017059"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/29720"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/20495"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4031"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29507"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/2523"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}