Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-0009

Disclosure Date: March 14, 2006
CVE-2006-0009
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2006-0009 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0009)
BID-20059 (http://www.securityfocus.com/bid/20059)
BID-17000 (http://www.securityfocus.com/bid/17000)
Advisory
20060422 PowerPoint Phishing Trojan (http://www.securityfocus.com/archive/1/432004/30/5340/threaded)
ADV-2006-3678 (http://www.vupen.com/english/advisories/2006/3678)
VU#682820 (http://www.kb.cert.org/vuls/id/682820)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1504
ADV-2006-0950 (http://www.vupen.com/english/advisories/2006/0950)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1653
20060822 Major updates in PowerPoint FAQ document - not a 0-day issue (http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0597.html)
20060314 SYMSA-2006-001: Buffer overflow in Microsoft Office 2000, Office XP (2002), and Office 2003 Routing Slip Metadata (http://www.securityfocus.com/archive/1/427671/100/0/threaded)
SECTRACK-1016886 (http://securitytracker.com/id?1016886)
XF-powerpoint-presentation-code-execution(29009) (https://exchange.xforce.ibmcloud.com/vulnerabilities/29009)
http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
SECUNIA-19238 (http://secunia.com/advisories/19238)
20060919 Microsoft PowerPoint 0-day Vulnerability FAQ - September written (http://www.securityfocus.com/archive/1/446425/100/0/threaded)
SECTRACK-1016720 (http://securitytracker.com/id?1016720)
TA06-073A (http://www.us-cert.gov/cas/techalerts/TA06-073A.html)
XF-office-routing-slip-bo(25009) (https://exchange.xforce.ibmcloud.com/vulnerabilities/25009)
20060919 New PowerPoint 0-day Trojan in the wild (http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049540.html)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A798
SECUNIA-19138 (http://secunia.com/advisories/19138)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1553
OSVDB-23903 (http://www.osvdb.org/23903)
20060819 New PowerPoint 0-day and Trojan - FAQ document ready (http://www.securityfocus.com/archive/1/443890/100/0/threaded)
20060919 New PowerPoint 0-day Trojan in the wild (http://www.securityfocus.com/archive/1/446370/100/0/threaded)
20060822 Major updates in PowerPoint FAQ document - not a 0-day issue (http://www.securityfocus.com/archive/1/444051/100/200/threaded)
SECTRACK-1015766 (http://securitytracker.com/id?1015766)
MS06-012 (https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012)
Miscellaneous
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091810-5028-99
http://www.symantec.com/enterprise/research/SYMSA-2006-001.txt
http://www.darkreading.com/document.asp?doc_id=101970
http://isc.sans.org/diary.php?storyid=1618
http://blogs.securiteam.com?author=28
http://blogs.securiteam.com?p=557
http://blogs.securiteam.com?p=559
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FMDROPPER%2EBH

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis