PT-2006-4324 · Microsoft · Office Powerpoint

Arnaud Dovi · Published 2006-10-10 · Updated 2018-10-30 · CVE-2006-3435

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office PowerPoint versions in Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac

Description

The issue arises from the improper parsing of the slide notes field in a document, allowing remote user-assisted attackers to execute arbitrary code via crafted data in this field. This triggers an erroneous object pointer calculation that uses data from within the document. A remote code execution vulnerability exists when PowerPoint parses a file that includes a malformed object pointer.

Recommendations

For Microsoft Office PowerPoint versions in Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac, consider avoiding the use of crafted or potentially malicious files until a patch is available. As a temporary workaround, restrict access to potentially malicious PowerPoint files to minimize the risk of exploitation.

Fix

RCE

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2006-3435

Affected Products

Office Powerpoint