CVE-2006-3655

Microsoft PowerPoint 2003 - Remote Code Execution via Crafted PowerPoint File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3655. PoCs published by naveed afzal.

AI-analyzed exploit summary This exploit targets a vulnerability in Microsoft PowerPoint (CVE-2006-3655) by crafting a malicious .ppt file that triggers a buffer overflow in mso.dll, potentially leading to remote code execution. The PoC contains a binary payload designed to exploit the vulnerability in PowerPoint 2003.

Description

Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.

Exploits (1)

exploitdb WORKING POC VERIFIED

by naveed afzal · cremotewindows

https://www.exploit-db.com/exploits/28224

View Code ZIP pw:eip

This exploit targets a vulnerability in Microsoft PowerPoint (CVE-2006-3655) by crafting a malicious .ppt file that triggers a buffer overflow in mso.dll, potentially leading to remote code execution. The PoC contains a binary payload designed to exploit the vulnerability in PowerPoint 2003.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft PowerPoint 2003

No auth needed

Prerequisites: Victim must open the malicious PowerPoint file

MITRE ATT&CK