CVE-2006-5296

Microsoft Powerpoint - Denial of Service

Title source: rule

Description

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nanika · perldoswindows

https://www.exploit-db.com/exploits/2523

View Code ZIP pw:eip

References (11)

[Various Sources] http://www.informationweek.com/management/showArticle.jhtml?articleID=193302553

[Various Sources] http://research.eeye.com/html/alerts/zeroday/20061012_2.html

[Vendor Advisory] http://secunia.com/advisories/22394

[Various Sources] http://blogs.technet.com/msrc/archive/2006/11/10/follow-up-information-on-weblog-posting-about-poc-published-for-ms-office-2003-powerpoint.aspx

[Various Sources] http://blogs.technet.com/msrc/archive/2006/10/12/poc-published-for-ms-office-2003-powerpoint.aspx

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4031

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017059

[Third Party Advisory, VDB Entry] http://www.osvdb.org/29720

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2523

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29507

[Exploit] http://www.securityfocus.com/bid/20495

Scores

EPSS 0.6784

EPSS Percentile 98.6%

Details

Status published

Products (1)

microsoft/powerpoint 2003

Published Oct 16, 2006

Tracked Since Feb 18, 2026