| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 18 Jul 2006 00:59:29 +0300 (EEST) From: Juha-Matti Laurio <juha-matti.laurio@...ti.fi> To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk Subject: New CVE identifiers for separate PowerPoint 0-day issues assigned New CVE documents have been published recently to clarify the existence of several 0-day type issues in Microsoft PowerPoint. These are based to three PoCs posted to Bugtraq on Saturday 15th July. CVE-2006-3655 - Unspecified vulnerability in mso.dll allows executing arbitrary code CVE-2006-3656 - Unspecified vulnerability allows to cause memory corruption when closing a PowerPoint document CVE-2006-3660 - Unspecified vulnerability in powerpnt.exe has unknown impact Some reports say code execution is not confirmed and some of these issues cause DoS state. The newest PowerPoint version 2003 is reported as affected, however. To avoid multiple CVE links this information has been updated to Microsoft PowerPoint 0-day Vulnerability FAQ document at http://blogs.securiteam.com/?p=508 including several other updates and new entries too. If these issues are confirmed to totally different vulnerabilities I'll remove this information from the FAQ document. At time of writing it's very diffucult to say if these are separate issues. Additionally, only two security advisories have been published. - Juha-Matti
Powered by blists - more mailing lists