lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <26122395.794401153173570083.JavaMail.juha-matti.laurio@netti.fi>
Date: Mon Jul 17 22:59:36 2006
From: juha-matti.laurio at netti.fi (Juha-Matti Laurio)
Subject: New CVE identifiers for separate PowerPoint 0-day
	issues assigned

New CVE documents have been published recently to clarify the existence of several 0-day type issues in Microsoft PowerPoint.
These are based to three PoCs posted to Bugtraq on Saturday 15th July.

CVE-2006-3655 - Unspecified vulnerability in mso.dll allows executing arbitrary code

CVE-2006-3656 - Unspecified vulnerability allows to cause memory corruption when closing a PowerPoint document

CVE-2006-3660 - Unspecified vulnerability in powerpnt.exe has unknown
impact

Some reports say code execution is not confirmed and some of these issues cause DoS state.
The newest PowerPoint version 2003 is reported as affected, however.

To avoid multiple CVE links this information has been updated to Microsoft PowerPoint 0-day Vulnerability FAQ document at
http://blogs.securiteam.com/?p=508
including several other updates and new entries too.

If these issues are confirmed to totally different vulnerabilities I'll remove this information from the FAQ document.
At time of writing it's very diffucult to say if these are separate issues. Additionally, only two security advisories have been published.

- Juha-Matti

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ