Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTA-2006-AVI-285
Vulnerability from certfr_avis
Plusieurs vulnérabilités sont présentes dans Microsoft Excel. Certaines de ces vulnérabilités peuvent être exploitées par un utilisateur distant pour exécuter du code arbitraire sur le système ayant la version vulnérable de ce logiciel.
Description
Huit vulnérabilités sont présentes dans le logiciel Microsoft Excel :
- Deux vulnérabilités existent dans les enregistrements SELECTION (CVE-2006-1301 et CVE-2006-1302). Ces vulnérabilités peuvent être exploitées par un utilisateur mal intentionné à partir d'un enregistrement SELECTION dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
- Une vulnérabilité existe dans les enregistrements COLINFO (CVE-2006-1304). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement COLINFO dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
- Une vulnérabilité existe dans les enregistrements OBJECT (CVE-2006-1306). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement OBJECT dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
- Une vulnérabilité existe dans les enregistrements FNGROUPCOUNT (CVE-2006-1308). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement FNGROUPCOUNT dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
- Une vulnérabilité existe dans les enregistrements LABEL (CVE-2006-1309). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement LABEL dans un fichier Excel malveillant pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier malcieusement construit.
- Les deux dernières vulnérabilités présentes sur Excel peuvent être exploitées par un utilisateur mal intentionné à partir d'un fichier Excel malveillant (CVE-2006-2388 CVE-2006-3059). La dernière de ces vulnérabilité à fait l'objet d'une alerte au CERTA le 16 juin 2006.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | Office | Microsoft Office XP Service Pack 3 ; | ||
| Microsoft | Office | Microsoft Office 2003 Service Pack 2 ; | ||
| Microsoft | Office | Microsoft Office 2003 Service Pack 1 ; | ||
| Microsoft | Office | Microsoft Office 2000 Service Pack 3 ; | ||
| Microsoft | Office | Microsoft Office version X pour Mac. | ||
| Microsoft | Office | Microsoft Office 2004 pour Mac ; |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Office XP Service Pack 3 ;",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2003 Service Pack 2 ;",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2003 Service Pack 1 ;",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2000 Service Pack 3 ;",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office version X pour Mac.",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Office 2004 pour Mac ;",
"product": {
"name": "Office",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nHuit vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le logiciel Microsoft Excel :\n\n- Deux vuln\u00e9rabilit\u00e9s existent dans les enregistrements SELECTION\n (CVE-2006-1301 et CVE-2006-1302). Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre\n exploit\u00e9es par un utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un\n enregistrement SELECTION dans un fichier Excel pour ex\u00e9cuter du code\n arbitraire sur le poste d\u0027un utilisateur ouvrant le fichier\n sp\u00e9cialement construit.\n- Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements COLINFO\n (CVE-2006-1304). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement COLINFO\n dans un fichier Excel pour ex\u00e9cuter du code arbitraire sur le poste\n d\u0027un utilisateur ouvrant le fichier sp\u00e9cialement construit.\n- Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements OBJECT\n (CVE-2006-1306). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement OBJECT dans\n un fichier Excel pour ex\u00e9cuter du code arbitraire sur le poste d\u0027un\n utilisateur ouvrant le fichier sp\u00e9cialement construit.\n- Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements FNGROUPCOUNT\n (CVE-2006-1308). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement\n FNGROUPCOUNT dans un fichier Excel pour ex\u00e9cuter du code arbitraire\n sur le poste d\u0027un utilisateur ouvrant le fichier sp\u00e9cialement\n construit.\n- Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements LABEL\n (CVE-2006-1309). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement LABEL dans\n un fichier Excel malveillant pour ex\u00e9cuter du code arbitraire sur le\n poste d\u0027un utilisateur ouvrant le fichier malcieusement construit.\n- Les deux derni\u00e8res vuln\u00e9rabilit\u00e9s pr\u00e9sentes sur Excel peuvent \u00eatre\n exploit\u00e9es par un utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un fichier\n Excel malveillant (CVE-2006-2388 CVE-2006-3059). La derni\u00e8re de ces\n vuln\u00e9rabilit\u00e9 \u00e0 fait l\u0027objet d\u0027une alerte au CERTA le 16 juin 2006.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2006-1301",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1301"
},
{
"name": "CVE-2006-1304",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1304"
},
{
"name": "CVE-2006-1309",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1309"
},
{
"name": "CVE-2006-1302",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1302"
},
{
"name": "CVE-2006-3059",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-3059"
},
{
"name": "CVE-2006-1308",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1308"
},
{
"name": "CVE-2006-2388",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-2388"
},
{
"name": "CVE-2006-1306",
"url": "https://www.cve.org/CVERecord?id=CVE-2006-1306"
}
],
"initial_release_date": "2006-07-12T00:00:00",
"last_revision_date": "2006-07-12T00:00:00",
"links": [
{
"title": "Bulletin d\u0027alerte du CERTA CERTA-2006-ALE-007 du 16 juin 2006 :",
"url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ALE-007/index.html"
}
],
"reference": "CERTA-2006-AVI-285",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Microsoft Excel. Certaines\nde ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un utilisateur distant\npour ex\u00e9cuter du code arbitraire sur le syst\u00e8me ayant la version\nvuln\u00e9rable de ce logiciel.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-037",
"url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-037.mspx"
}
]
}
CVE-2006-1304 (GCVE-0-2006-1304)
Vulnerability from cvelistv5
Published
2006-07-13 21:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "18888",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18888"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "oval:org.mitre.oval:def:545",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A545"
},
{
"name": "20060712 NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439909/100/0/threaded"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0606.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a \"data filling operation.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "18888",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18888"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "oval:org.mitre.oval:def:545",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A545"
},
{
"name": "20060712 NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439909/100/0/threaded"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0606.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a \"data filling operation.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "18888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18888"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "oval:org.mitre.oval:def:545",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A545"
},
{
"name": "20060712 NSFOCUS SA2006-06 : Microsoft Excel COLINFO Record Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439909/100/0/threaded"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0606.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0606.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1304",
"datePublished": "2006-07-13T21:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3059 (GCVE-0-2006-3059)
Vulnerability from cvelistv5
Published
2006-06-17 01:00
Modified
2024-08-07 18:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:16:05.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#802324",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/802324"
},
{
"name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
},
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "oval:org.mitre.oval:def:537",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
},
{
"name": "excel-unspecified-code-execution(27179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blogs.securiteam.com/?p=451"
},
{
"name": "26527",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26527"
},
{
"name": "20686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20686"
},
{
"name": "TA06-167A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://isc.sans.org/diary.php?storyid=1420"
},
{
"name": "1016316",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "18422",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18422"
},
{
"name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
},
{
"name": "TA06-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
},
{
"name": "ADV-2006-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2361"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#802324",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/802324"
},
{
"name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
},
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "oval:org.mitre.oval:def:537",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
},
{
"name": "excel-unspecified-code-execution(27179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blogs.securiteam.com/?p=451"
},
{
"name": "26527",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26527"
},
{
"name": "20686",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20686"
},
{
"name": "TA06-167A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://isc.sans.org/diary.php?storyid=1420"
},
{
"name": "1016316",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "18422",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18422"
},
{
"name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
},
{
"name": "TA06-192A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
},
{
"name": "ADV-2006-2361",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2361"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#802324",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/802324"
},
{
"name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
},
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "oval:org.mitre.oval:def:537",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
},
{
"name": "excel-unspecified-code-execution(27179)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
},
{
"name": "http://blogs.securiteam.com/?p=451",
"refsource": "MISC",
"url": "http://blogs.securiteam.com/?p=451"
},
{
"name": "26527",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26527"
},
{
"name": "20686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20686"
},
{
"name": "TA06-167A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
},
{
"name": "http://isc.sans.org/diary.php?storyid=1420",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.php?storyid=1420"
},
{
"name": "1016316",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016316"
},
{
"name": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "18422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18422"
},
{
"name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
},
{
"name": "TA06-192A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
},
{
"name": "ADV-2006-2361",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2361"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3059",
"datePublished": "2006-06-17T01:00:00",
"dateReserved": "2006-06-16T00:00:00",
"dateUpdated": "2024-08-07T18:16:05.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1306 (GCVE-0-2006-1306)
Vulnerability from cvelistv5
Published
2006-07-13 21:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.942Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "20060712 Microsoft Excel Array Index Error Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439884/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:950",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A950"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "18886",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18886"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secway.org/advisory/AD20060711.txt"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka \"Malformed OBJECT record Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "20060712 Microsoft Excel Array Index Error Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439884/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:950",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A950"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "18886",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18886"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secway.org/advisory/AD20060711.txt"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka \"Malformed OBJECT record Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "20060712 Microsoft Excel Array Index Error Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439884/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:950",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A950"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "18886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18886"
},
{
"name": "http://secway.org/advisory/AD20060711.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20060711.txt"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1306",
"datePublished": "2006-07-13T21:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-2388 (GCVE-0-2006-2388)
Vulnerability from cvelistv5
Published
2006-07-13 21:00
Modified
2024-08-07 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:03.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "18938",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18938"
},
{
"name": "20060711 ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439786/100/0/threaded"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:234",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html"
},
{
"name": "excel-cell-rebuilding-code-execution(27604)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27604"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of \"critical data offsets\" during the rebuilding process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "18938",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18938"
},
{
"name": "20060711 ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439786/100/0/threaded"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:234",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html"
},
{
"name": "excel-cell-rebuilding-code-execution(27604)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27604"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-2388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of \"critical data offsets\" during the rebuilding process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "18938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18938"
},
{
"name": "20060711 ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439786/100/0/threaded"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:234",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-022.html"
},
{
"name": "excel-cell-rebuilding-code-execution(27604)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27604"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-2388",
"datePublished": "2006-07-13T21:00:00",
"dateReserved": "2006-05-15T00:00:00",
"dateUpdated": "2024-08-07T17:51:03.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1309 (GCVE-0-2006-1309)
Vulnerability from cvelistv5
Published
2006-07-13 22:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:29.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "18910",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18910"
},
{
"name": "oval:org.mitre.oval:def:752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A752"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "18910",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18910"
},
{
"name": "oval:org.mitre.oval:def:752",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A752"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "18910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18910"
},
{
"name": "oval:org.mitre.oval:def:752",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A752"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1309",
"datePublished": "2006-07-13T22:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:29.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1308 (GCVE-0-2006-1308)
Vulnerability from cvelistv5
Published
2006-07-13 22:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:29.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20060712 Microsoft Excel Could Allow Remote Code Execution by Malformed FNGROUPCOUNT value Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047837.html"
},
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "oval:org.mitre.oval:def:243",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A243"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "excel-fngroupcount-bo(27464)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27464"
},
{
"name": "18890",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18890"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "20060712 Microsoft Excel Could Allow Remote Code Execution by Malformed FNGROUPCOUNT value Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047837.html"
},
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "oval:org.mitre.oval:def:243",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A243"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "excel-fngroupcount-bo(27464)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27464"
},
{
"name": "18890",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18890"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060712 Microsoft Excel Could Allow Remote Code Execution by Malformed FNGROUPCOUNT value Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047837.html"
},
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "oval:org.mitre.oval:def:243",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A243"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "excel-fngroupcount-bo(27464)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27464"
},
{
"name": "18890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18890"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1308",
"datePublished": "2006-07-13T22:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:29.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1302 (GCVE-0-2006-1302)
Vulnerability from cvelistv5
Published
2006-07-13 21:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nsfocus.com/english/homepage/research/0605.htm"
},
{
"name": "1238",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1238"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "20060712 NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439914/100/0/threaded"
},
{
"name": "18885",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18885"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A379"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka \"Malformed SELECTION record Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nsfocus.com/english/homepage/research/0605.htm"
},
{
"name": "1238",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1238"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "20060712 NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439914/100/0/threaded"
},
{
"name": "18885",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18885"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:379",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A379"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka \"Malformed SELECTION record Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "http://www.nsfocus.com/english/homepage/research/0605.htm",
"refsource": "MISC",
"url": "http://www.nsfocus.com/english/homepage/research/0605.htm"
},
{
"name": "1238",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1238"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "20060712 NSFOCUS SA2006-05 : Microsoft Excel SELECTION Record Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439914/100/0/threaded"
},
{
"name": "18885",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18885"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:379",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A379"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1302",
"datePublished": "2006-07-13T21:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:28.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1301 (GCVE-0-2006-1301)
Vulnerability from cvelistv5
Published
2006-07-13 22:00
Modified
2024-08-07 17:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:29.055Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "18853",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18853"
},
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:557",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "18853",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18853"
},
{
"name": "MS06-037",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "1016472",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "ADV-2006-2755",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:557",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2006-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18853",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18853"
},
{
"name": "MS06-037",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
},
{
"name": "1016472",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016472"
},
{
"name": "ADV-2006-2755",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2755"
},
{
"name": "oval:org.mitre.oval:def:557",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2006-1301",
"datePublished": "2006-07-13T22:00:00",
"dateReserved": "2006-03-20T00:00:00",
"dateUpdated": "2024-08-07T17:03:29.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…