National Vulnerability Database (NVD) National Vulnerability Database (CVE-2006-0009)

National Cyber-Alert System

Vulnerability Summary for CVE-2006-0009

Original release date:03/14/2006

Last revised:09/05/2008

Source: US-CERT/NIST

Overview

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.

Impact

CVSS Severity (version 2.0):

CVSS v2 Base Score:5.1 (MEDIUM) (AV:N/AC:H/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 4.9

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: High

Authentication: Not required to exploit

Impact Type:Provides unauthorized access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

US-CERT Technical Alert: TA06-073A

Name: TA06-073A

Type: Advisory

Hyperlink:http://www.us-cert.gov/cas/techalerts/TA06-073A.html

US-CERT Vulnerability Note: VU#682820

Name: VU#682820

Type: Advisory

Hyperlink:http://www.kb.cert.org/vuls/id/682820

External Source: BID

Name: 17000

Type: Patch Information

Hyperlink:http://www.securityfocus.com/bid/17000

External Source: BUGTRAQ

Name: 20060314 SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata

Type: Advisory; Patch Information

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/427671/100/0/threaded

External Source: MS

Name: MS06-012

Type: Patch Information

Hyperlink:http://www.microsoft.com/technet/security/bulletin/ms06-012.mspx

External Source: SECTRACK

Name: 1015766

Type: Patch Information

Hyperlink:http://securitytracker.com/id?1015766

External Source: SECUNIA

Name: 19138

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/19138

External Source: XF

Name: powerpoint-presentation-code-execution(29009)

Hyperlink:http://xforce.iss.net/xforce/xfdb/29009

External Source: XF

Name: office-routing-slip-bo(25009)

Hyperlink:http://xforce.iss.net/xforce/xfdb/25009

External Source: MISC

Name: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EBH

Hyperlink:http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EBH

External Source: MISC

Name: http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99

Hyperlink:http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99

External Source: MISC

Name: http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt

Hyperlink:http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt

External Source: BID

Name: 20059

Hyperlink:http://www.securityfocus.com/bid/20059

External Source: BUGTRAQ

Name: 20060919 Microsoft PowerPoint 0-day Vulnerability FAQ - September written

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/446425/100/0/threaded

External Source: BUGTRAQ

Name: 20060919 New PowerPoint 0-day Trojan in the wild

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/446370/100/0/threaded

External Source: BUGTRAQ

Name: 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/444051/100/200/threaded

External Source: BUGTRAQ

Name: 20060819 New PowerPoint 0-day and Trojan - FAQ document ready

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/443890/100/0/threaded

External Source: BUGTRAQ

Name: 20060422 PowerPoint Phishing Trojan

Hyperlink:http://www.securityfocus.com/archive/1/archive/1/432004/30/5340/threaded

External Source: OSVDB

Name: 23903

Hyperlink:http://www.osvdb.org/23903

External Source: VUPEN

Name: ADV-2006-3678

Hyperlink:http://www.frsirt.com/english/advisories/2006/3678

External Source: VUPEN

Name: ADV-2006-0950

Hyperlink:http://www.frsirt.com/english/advisories/2006/0950

External Source: MISC

Name: http://www.darkreading.com/document.asp?doc_id=101970

Hyperlink:http://www.darkreading.com/document.asp?doc_id=101970

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

External Source: SECTRACK

Name: 1016886

Hyperlink:http://securitytracker.com/id?1016886

External Source: SECTRACK

Name: 1016720

Hyperlink:http://securitytracker.com/id?1016720

External Source: SECUNIA

Name: 19238

Hyperlink:http://secunia.com/advisories/19238

External Source: FULLDISC

Name: 20060919 New PowerPoint 0-day Trojan in the wild

Hyperlink:http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html

External Source: MISC

Name: http://isc.sans.org/diary.php?storyid=1618

Hyperlink:http://isc.sans.org/diary.php?storyid=1618

External Source: MISC

Name: http://blogs.securiteam.com/?p=559

Hyperlink:http://blogs.securiteam.com/?p=559

External Source: MISC

Name: http://blogs.securiteam.com/?p=557

Hyperlink:http://blogs.securiteam.com/?p=557

External Source: MISC

Name: http://blogs.securiteam.com/?author=28

Hyperlink:http://blogs.securiteam.com/?author=28

External Source: FULLDISC

Name: 20060822 Major updates in PowerPoint FAQ document - not a 0-day issue

Hyperlink:http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html

US Government Resource: oval:org.mitre.oval:def:798

Name: oval:org.mitre.oval:def:798

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:798

US Government Resource: oval:org.mitre.oval:def:1653

Name: oval:org.mitre.oval:def:1653

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1653

US Government Resource: oval:org.mitre.oval:def:1553

Name: oval:org.mitre.oval:def:1553

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1553

US Government Resource: oval:org.mitre.oval:def:1504

Name: oval:org.mitre.oval:def:1504

Type: Tool Signature

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1504

Vulnerable software and versions

Configuration 1

* cpe:/a:microsoft:office:2000:sp3

* cpe:/a:microsoft:office:2003:sp1

* cpe:/a:microsoft:office:2003:sp2

* cpe:/a:microsoft:office:2004::mac

* cpe:/a:microsoft:office:v.x::mac

* cpe:/a:microsoft:office:xp:sp3

* cpe:/a:microsoft:works:2000

* cpe:/a:microsoft:works:2001

* cpe:/a:microsoft:works:2002

* cpe:/a:microsoft:works:2003

* cpe:/a:microsoft:works:2004

* cpe:/a:microsoft:works:2005

* cpe:/a:microsoft:works:2006

* Denotes Vulnerable Software

Technical Details

Vulnerability Type (View All)

CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0009