CVE-2006-1304

Properties

Published:
12.07.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Product:
Microsoft: Excel Viewer
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel

Vulnerability description

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a"data filling operation."

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/439909/100/0/threaded
http://www.nsfocus.com/english/homepage/research/0606.htm: http://www.nsfocus.com/english/homepage/research/0606.htm
MS: http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx
BID: http://www.securityfocus.com/bid/18888
FRSIRT: http://www.frsirt.com/english/advisories/2006/2755
SECTRACK: http://securitytracker.com/id?1016472
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:545