CVE-2006-1309

Properties

Published:
12.07.2006
Updated:
26.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Product:
Microsoft: Excel Viewer
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel
Microsoft: Excel

Vulnerability description

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.

References:

MS: http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx
BID: http://www.securityfocus.com/bid/18910
FRSIRT: http://www.frsirt.com/english/advisories/2006/2755
SECTRACK: http://securitytracker.com/id?1016472
OVAL: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:752