PT-2006-5478 · Microsoft · Office+1

Published: 2006-09-27 · Updated: 2018-10-30 · CVE-2006-4694

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Microsoft Office versions prior to the fixed version, including Office 2000, Office XP, and Office 2003.

Description

The issue allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file. It has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow. A remote code execution vulnerability exists in PowerPoint and could be exploited when PowerPoint opens a specially crafted file, which might be included in an e-mail attachment or hosted on a malicious web site.

Recommendations

For Microsoft Office 2000, update to a version that includes the fix for this issue. For Microsoft Office XP, update to a version that includes the fix for this issue. For Microsoft Office 2003, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the SlideShowWindows.View.GotoNamedShow function until a patch is available.

Fix

RCE

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2006-4694

Affected Products

Office
Office Powerpoint