CVE-2006-3864 : Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and

Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.

Published 2006-10-10 22:07:00

Updated 2025-04-09 00:30:58

Source Microsoft Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Products affected by CVE-2006-3864

Microsoft » Office » Version: V.X MAC Edition
cpe:2.3:a:microsoft:office:v.x:*:mac:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2000 Update SP3
cpe:2.3:a:microsoft:office:2000:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: XP Update SP3
cpe:2.3:a:microsoft:office:xp:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP1
cpe:2.3:a:microsoft:office:2003:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2003 Update SP2
cpe:2.3:a:microsoft:office:2003:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Office » Version: 2004 MAC Edition
cpe:2.3:a:microsoft:office:2004:*:mac:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2002 Update SP1
cpe:2.3:a:microsoft:project:2002:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Project » Version: 2000 Update SR1
cpe:2.3:a:microsoft:project:2000:sr1:*:*:*:*:*:*
Matching versions
Microsoft » Visio » Version: 2002 Update SP2
cpe:2.3:a:microsoft:visio:2002:sp2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-3864

EPSS FAQ

45.71%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-3864

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2006-3864

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2006-3864

http://www.securityfocus.com/bid/20384
http://www.vupen.com/english/advisories/2006/3981

Site en construction
Vendor Advisory

CVEs referencing this url
http://www.osvdb.org/29429
http://secway.org/advisory/AD20061010.txt

404 Not Found
http://www.securityfocus.com/archive/1/449179/100/0/threaded

CVEs referencing this url
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-062

Microsoft Security Bulletin MS06-062 - Critical | Microsoft Learn

CVEs referencing this url
http://support.microsoft.com/kb/922581

Error - Office.com - Microsoft Support
http://secunia.com/advisories/22339

About Secunia Research | Flexera
Vendor Advisory

CVEs referencing this url
http://securitytracker.com/id?1017034

CVEs referencing this url
http://www.securityfocus.com/archive/1/448268/100/0/threaded
http://www.kb.cert.org/vuls/id/176556

VU#176556 - Microsoft Office fails to properly parse malformed records
US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A632

Jump to

Vulnerability Details : CVE-2006-3864

Products affected by CVE-2006-3864

Exploit prediction scoring system (EPSS) score for CVE-2006-3864

CVSS scores for CVE-2006-3864

CWE ids for CVE-2006-3864

References for CVE-2006-3864