ID CVE-2005-4131
Summary Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:excel:95:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:95:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:97:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:97:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:97:sr1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:97:sr1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:97:sr2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:97:sr2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*
    cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 19-10-2018 - 15:40)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
assigner via4 cve@mitre.org
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 15780
bugtraq
  • 20060314 High Risk Vulnerability in Microsoft Excel
  • 20060315 [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution
cert TA06-073A
cert-vn VU#642428
confirm http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
misc
ms MS06-012
sectrack
  • 1015333
  • 1015766
secunia
  • 19138
  • 19238
sreason
vupen ADV-2006-0950
xf excel-msvcrt-memmove-bo(23537)
vulnerable_product via4
  • cpe:2.3:a:microsoft:excel:95:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:97:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:97:sr1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:97:sr2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*
Last major update 19-10-2018 - 15:40
Published 09-12-2005 - 11:03
Back to Top