CVE-2006-5296

Microsoft PowerPoint 2003 - Denial of Service via Crafted PPT File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5296. PoCs published by Nanika.

AI-analyzed exploit summary This exploit is a proof-of-concept for CVE-2006-5296, targeting a vulnerability in Microsoft Office 2003. It crafts a malicious PowerPoint file to trigger a memory corruption issue, potentially leading to arbitrary code execution.

Description

PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nanika · perldoswindows

https://www.exploit-db.com/exploits/2523

View Code ZIP pw:eip

This exploit is a proof-of-concept for CVE-2006-5296, targeting a vulnerability in Microsoft Office 2003. It crafts a malicious PowerPoint file to trigger a memory corruption issue, potentially leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Microsoft Office 2003

No auth needed

Prerequisites: Victim must open the malicious PowerPoint file

MITRE ATT&CK