cvelistv5 - CVE-2006-3014

CVE-2006-3014 (GCVE-0-2006-3014)

Vulnerability from cvelistv5

Published

2006-06-22 00:00

Modified

2024-08-07 18:16

Severity ?

CWE

Summary

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.

References

URL

Tags

cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html	Exploit
cve@mitre.org	http://hackingspirits.com/vuln-rnd/vuln-rnd.html	Exploit
cve@mitre.org	http://secunia.com/advisories/21865	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22882	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016344
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb06-11.html
cve@mitre.org	http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
cve@mitre.org	http://www.securityfocus.com/bid/18583	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/19980	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3573	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3577	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4507	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://hackingspirits.com/vuln-rnd/vuln-rnd.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21865	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016344
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb06-11.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18583	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19980	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3573	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3577	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4507	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:16:04.527Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-3573",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3573"
          },
          {
            "name": "TA06-318A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "name": "ADV-2006-4507",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4507"
          },
          {
            "name": "19980",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19980"
          },
          {
            "name": "22882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22882"
          },
          {
            "name": "21865",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21865"
          },
          {
            "name": "20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
          },
          {
            "name": "oval:org.mitre.oval:def:538",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
          },
          {
            "name": "ADV-2006-3577",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3577"
          },
          {
            "name": "18583",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18583"
          },
          {
            "name": "excel-shockwave-code-execution(27312)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
          },
          {
            "name": "MS06-069",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
          },
          {
            "name": "1016344",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016344"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-3573",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3573"
        },
        {
          "name": "TA06-318A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
        },
        {
          "name": "ADV-2006-4507",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4507"
        },
        {
          "name": "19980",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19980"
        },
        {
          "name": "22882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22882"
        },
        {
          "name": "21865",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21865"
        },
        {
          "name": "20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
        },
        {
          "name": "oval:org.mitre.oval:def:538",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
        },
        {
          "name": "ADV-2006-3577",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3577"
        },
        {
          "name": "18583",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18583"
        },
        {
          "name": "excel-shockwave-code-execution(27312)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
        },
        {
          "name": "MS06-069",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
        },
        {
          "name": "1016344",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016344"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3014",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-3573",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3573"
            },
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "ADV-2006-4507",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4507"
            },
            {
              "name": "19980",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19980"
            },
            {
              "name": "22882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22882"
            },
            {
              "name": "21865",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21865"
            },
            {
              "name": "20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
            },
            {
              "name": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html",
              "refsource": "MISC",
              "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
            },
            {
              "name": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html",
              "refsource": "MISC",
              "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
              "refsource": "CONFIRM",
              "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
            },
            {
              "name": "oval:org.mitre.oval:def:538",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
            },
            {
              "name": "ADV-2006-3577",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3577"
            },
            {
              "name": "18583",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18583"
            },
            {
              "name": "excel-shockwave-code-execution(27312)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
            },
            {
              "name": "MS06-069",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
            },
            {
              "name": "1016344",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016344"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3014",
    "datePublished": "2006-06-22T00:00:00",
    "dateReserved": "2006-06-13T00:00:00",
    "dateUpdated": "2024-08-07T18:16:04.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3014\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-22T00:06:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.\"},{\"lang\":\"es\",\"value\":\"Microsoft Excel permite ejecutar c\u00f3digo JavaScript de su elecci\u00f3n a atacantes asistidos por los usuarios y redirigir a los usuarios a los sitios de su elecci\u00f3n mediante una hoja de c\u00e1lculo Excel con un objeto incrustado Shockwave Flash Player ActiveX, que se ejecuta autom\u00e1ticamente cuando el usuario abre la hoja de c\u00e1lculo.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":5.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":4.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7973AE7A-FE9F-4AB8-BBA8-98F3AF25487C\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://hackingspirits.com/vuln-rnd/vuln-rnd.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/21865\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22882\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016344\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb06-11.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/18583\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/19980\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3573\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3577\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4507\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27312\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://hackingspirits.com/vuln-rnd/vuln-rnd.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/21865\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/22882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1016344\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb06-11.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/18583\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/19980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA06-318A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3573\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/3577\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2006/4507\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27312\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-4v5q-p386-f6mv

Vulnerability from github

Published

2022-05-01 07:04

Modified

2022-05-01 07:04

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3014"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-22T00:06:00Z",
    "severity": "MODERATE"
  },
  "details": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.",
  "id": "GHSA-4v5q-p386-f6mv",
  "modified": "2022-05-01T07:04:59Z",
  "published": "2022-05-01T07:04:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3014"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
    },
    {
      "type": "WEB",
      "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21865"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/22882"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016344"
    },
    {
      "type": "WEB",
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18583"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19980"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3573"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/4507"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-398

Vulnerability from certfr_avis

None

Description

Plusieurs vulnérabilités ont été identifiées dans le lecteur Adobe Flash Player. Elles permettraient à un utilisateur mal intentionné de contourner les restrictions du paramètre de sécurité allowScriptAccess, et d'exécuter du code arbitraire à distance par le biais d'un fichier au format .swf construit de façon particulière. Une dernière vulnérabilité concernerait une mauvaise manipulation de chaînes de caractères dynamiques, et de longueur excessive. Elle pourrait provoquer un débordement de mémoire.

Adobe Flash Player es parfois utilisé indirectement, par le biais d'un navigateur Internet, afin de visualiser des contenus animés au format Flash sur un site web.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Adobe Flash Player versions 8.0.24 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Adobe du 12 septembre 2006	None	vendor-advisory
Référence CVE CVE-2006-3587 :	-	other
Bulletin de sécurité Microsoft MS06-069 du 14 novembre 2006 :	-	other
Référence CVE CVE-2006-4640 :	-	other
Bulletin de sécurité Microsoft MS06-069 du 14 novembre 2006 :	-	other
Référence CVE CVE-2006-3014 :	-	other
Référence CVE CVE-2006-3588 :	-	other
Référence CVE CVE-2006-3311 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eAdobe Flash Player versions 8.0.24 et  ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le lecteur Adobe Flash\nPlayer. Elles permettraient \u00e0 un utilisateur mal intentionn\u00e9 de\ncontourner les restrictions du param\u00e8tre de s\u00e9curit\u00e9 allowScriptAccess,\net d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance par le biais d\u0027un fichier au\nformat .swf construit de fa\u00e7on particuli\u00e8re. Une derni\u00e8re vuln\u00e9rabilit\u00e9\nconcernerait une mauvaise manipulation de cha\u00eenes de caract\u00e8res\ndynamiques, et de longueur excessive. Elle pourrait provoquer un\nd\u00e9bordement de m\u00e9moire.\n\nAdobe Flash Player es parfois utilis\u00e9 indirectement, par le biais d\u0027un\nnavigateur Internet, afin de visualiser des contenus anim\u00e9s au format\nFlash sur un site web.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-3014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3014"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    }
  ],
  "initial_release_date": "2006-09-14T00:00:00",
  "last_revision_date": "2006-11-15T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3587 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3587"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-069 du 14 novembre 2006    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-4640 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-4640"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-069 du 14 novembre 2006    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-069.mspx"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3014 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3014"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3588 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3588"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2006-3311 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?CVE-2006-3311"
    }
  ],
  "reference": "CERTA-2006-AVI-398",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-09-14T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences CVE.",
      "revision_date": "2006-10-03T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin Microsoft MS06-069.",
      "revision_date": "2006-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 dans Adobe Flash Player",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Adobe du 12 septembre 2006",
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    }
  ]
}

CERTA-2006-AVI-498

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans Adobe Macromedia Flash Player pour Windows. Une personne malveillante pourrait exploiter l'une d'elles afin d'exécuter, à distance, des commandes arbitraires sur la machine vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans Adobe Macromedia Flash Player pour Windows. Celles-ci ont été présentées dans l'avis concernant Adobe CERTA-2006-AVI-398, datant du 03 octobre 2006. Microsoft redistribue cependant ces produits avec certaines versions de Microsoft Windows.

Une personne malveillante pourrait exploiter l'une de ces vulnérabilités afin d'exécuter, à distance, des commandes arbitraires sur la machine vulnérable.

Solution

Se référer au bulletin de sécurité MS06-069 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Adobe	N/A	Microsoft Windows XP Service Pack 2 ;
	Adobe	N/A	Microsoft Windows XP Professional x64 Edition.

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-069 du 14 novembre 2006	None	vendor-advisory
Avis du CERTA CERTA-2006-AVI-398 du 03 octobre 2006, « Vulnérabilités dans Adobe Flash Player » :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Windows XP Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Windows XP Professional x64 Edition.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Adobe",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Adobe Macromedia Flash\nPlayer pour Windows. Celles-ci ont \u00e9t\u00e9 pr\u00e9sent\u00e9es dans l\u0027avis concernant\nAdobe CERTA-2006-AVI-398, datant du 03 octobre 2006. Microsoft\nredistribue cependant ces produits avec certaines versions de Microsoft\nWindows.\n\nUne personne malveillante pourrait exploiter l\u0027une de ces vuln\u00e9rabilit\u00e9s\nafin d\u0027ex\u00e9cuter, \u00e0 distance, des commandes arbitraires sur la machine\nvuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS06-069 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4640"
    },
    {
      "name": "CVE-2006-3587",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3587"
    },
    {
      "name": "CVE-2006-3311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3311"
    },
    {
      "name": "CVE-2006-3014",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3014"
    },
    {
      "name": "CVE-2006-3588",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3588"
    }
  ],
  "initial_release_date": "2006-11-15T00:00:00",
  "last_revision_date": "2006-11-15T00:00:00",
  "links": [
    {
      "title": "Avis du CERTA CERTA-2006-AVI-398 du 03 octobre 2006, \u00ab    Vuln\u00e9rabilit\u00e9s dans Adobe Flash Player \u00bb :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-398/"
    }
  ],
  "reference": "CERTA-2006-AVI-498",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans Adobe Macromedia Flash\nPlayer pour Windows. Une personne malveillante pourrait exploiter l\u0027une\nd\u0027elles afin d\u0027ex\u00e9cuter, \u00e0 distance, des commandes arbitraires sur la\nmachine vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Adobe Macromedia Flash Player pour Windows",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-069 du 14 novembre 2006",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-069.mspx"
    }
  ]
}

gsd-2006-3014

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3014

Aliases

CVE-2006-3014

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3014",
    "description": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.",
    "id": "GSD-2006-3014",
    "references": [
      "https://www.suse.com/security/cve/CVE-2006-3014.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3014"
      ],
      "details": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.",
      "id": "GSD-2006-3014",
      "modified": "2023-12-13T01:19:57.132093Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3014",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "ADV-2006-3573",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3573"
          },
          {
            "name": "TA06-318A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
          },
          {
            "name": "ADV-2006-4507",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/4507"
          },
          {
            "name": "19980",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19980"
          },
          {
            "name": "22882",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/22882"
          },
          {
            "name": "21865",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21865"
          },
          {
            "name": "20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
          },
          {
            "name": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html",
            "refsource": "MISC",
            "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
          },
          {
            "name": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html",
            "refsource": "MISC",
            "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
          },
          {
            "name": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
            "refsource": "CONFIRM",
            "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
          },
          {
            "name": "oval:org.mitre.oval:def:538",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
          },
          {
            "name": "ADV-2006-3577",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/3577"
          },
          {
            "name": "18583",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18583"
          },
          {
            "name": "excel-shockwave-code-execution(27312)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
          },
          {
            "name": "MS06-069",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
          },
          {
            "name": "1016344",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016344"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3014"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
            },
            {
              "name": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
            },
            {
              "name": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
            },
            {
              "name": "18583",
              "refsource": "BID",
              "tags": [
                "Exploit"
              ],
              "url": "http://www.securityfocus.com/bid/18583"
            },
            {
              "name": "1016344",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016344"
            },
            {
              "name": "http://www.adobe.com/support/security/bulletins/apsb06-11.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
            },
            {
              "name": "21865",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/21865"
            },
            {
              "name": "19980",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/19980"
            },
            {
              "name": "22882",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/22882"
            },
            {
              "name": "TA06-318A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
            },
            {
              "name": "ADV-2006-4507",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/4507"
            },
            {
              "name": "ADV-2006-3577",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3577"
            },
            {
              "name": "ADV-2006-3573",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3573"
            },
            {
              "name": "excel-shockwave-code-execution(27312)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
            },
            {
              "name": "oval:org.mitre.oval:def:538",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
            },
            {
              "name": "MS06-069",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-12T21:40Z",
      "publishedDate": "2006-06-22T00:06Z"
    }
  }
}

fkie_cve-2006-3014

Vulnerability from fkie_nvd

Published

2006-06-22 00:06

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html	Exploit
cve@mitre.org	http://hackingspirits.com/vuln-rnd/vuln-rnd.html	Exploit
cve@mitre.org	http://secunia.com/advisories/21865	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/22882	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016344
cve@mitre.org	http://www.adobe.com/support/security/bulletins/apsb06-11.html
cve@mitre.org	http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
cve@mitre.org	http://www.securityfocus.com/bid/18583	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/19980	Patch
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3573	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/3577	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/4507	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://hackingspirits.com/vuln-rnd/vuln-rnd.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21865	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/22882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016344
af854a3a-2127-422b-91ae-364da2661108	http://www.adobe.com/support/security/bulletins/apsb06-11.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18583	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19980	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-318A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3573	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/3577	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/4507	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538

Impacted products

	Vendor	Product	Version
	microsoft	excel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7973AE7A-FE9F-4AB8-BBA8-98F3AF25487C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet."
    },
    {
      "lang": "es",
      "value": "Microsoft Excel permite ejecutar c\u00f3digo JavaScript de su elecci\u00f3n a atacantes asistidos por los usuarios y redirigir a los usuarios a los sitios de su elecci\u00f3n mediante una hoja de c\u00e1lculo Excel con un objeto incrustado Shockwave Flash Player ActiveX, que se ejecuta autom\u00e1ticamente cuando el usuario abre la hoja de c\u00e1lculo."
    }
  ],
  "id": "CVE-2006-3014",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-22T00:06:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21865"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016344"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18583"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19980"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3573"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4507"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://hackingspirits.com/vuln-rnd/vuln-rnd.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21865"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016344"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.adobe.com/support/security/bulletins/apsb06-11.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/18583"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-318A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3573"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/4507"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27312"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-3014 (GCVE-0-2006-3014)

Vulnerability from cvelistv5

ghsa-4v5q-p386-f6mv

Vulnerability from github

CERTA-2006-AVI-398

Vulnerability from certfr_avis

Description

Solution

CERTA-2006-AVI-498

Vulnerability from certfr_avis

Description

Solution

gsd-2006-3014

Vulnerability from gsd

fkie_cve-2006-3014

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature