CVE-2006-1301

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securitytracker.com/id?1016472
http://www.securityfocus.com/bid/18853
http://www.vupen.com/english/advisories/2006/2755	Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:microsoft:excel:2000:::::::*
	cpe:2.3:a:microsoft:excel:2000:sp2::::::
	cpe:2.3:a:microsoft:excel:2000:sp3::::::
	cpe:2.3:a:microsoft:excel:2000:sr1::::::
	cpe:2.3:a:microsoft:excel:2002:::::::*
	cpe:2.3:a:microsoft:excel:2002:sp1::::::
	cpe:2.3:a:microsoft:excel:2002:sp2::::::
	cpe:2.3:a:microsoft:excel:2002:sp3::::::
	cpe:2.3:a:microsoft:excel:2003:::::::*
	cpe:2.3:a:microsoft:excel:2003:sp1::::::
	cpe:2.3:a:microsoft:excel:2004::mac_os_x:::::
	cpe:2.3:a:microsoft:excel:x::mac_os_x:::::
	cpe:2.3:a:microsoft:excel_viewer:2003:::::::*

History

No history.

Information

Published : 2006-07-13 22:05

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1301

Mitre link : CVE-2006-1301

CVE.ORG link : CVE-2006-1301

JSON object : View

Products Affected

microsoft

excel
excel_viewer

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

{"id": "CVE-2006-1301", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2006-07-13T22:05:00.000", "references": [{"url": "http://securitytracker.com/id?1016472", "source": "secure@microsoft.com"}, {"url": "http://www.securityfocus.com/bid/18853", "source": "secure@microsoft.com"}, {"url": "http://www.vupen.com/english/advisories/2006/2755", "tags": ["Vendor Advisory"], "source": "secure@microsoft.com"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037", "source": "secure@microsoft.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557", "source": "secure@microsoft.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-94"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302."}, {"lang": "es", "value": "Microsoft Excel 2000 a 2004 permite a atacantes con la implicaci\u00f3n del usuario ejecutar c\u00f3digo de su elecci\u00f3n mediante un fichero .xls con un registro SELECTION artesanal que dispara una corrupci\u00f3n de memoria, una vulnerabilidad diferente de CVE-2006-1302.\r\n"}], "lastModified": "2018-10-12T21:39:18.057", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E"}, {"criteria": "cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4FBEB90-1BF2-4E84-9A74-EAD226AAA0A2"}, {"criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37"}, {"criteria": "cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27C6E1BC-406E-4B0B-B513-33226AC4482D"}, {"criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B"}, {"criteria": "cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C619E79B-90FB-4812-B0F3-115B47498492"}, {"criteria": "cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC893353-909C-49A8-8C3A-AD325C1D365D"}, {"criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF"}, {"criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A"}, {"criteria": "cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9AED7433-3C95-4868-B05D-244149E0E33E"}, {"criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac_os_x:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B29EBC56-422C-45DF-B241-FA3EF1F7A8EE"}, {"criteria": "cpe:2.3:a:microsoft:excel:x:*:mac_os_x:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA71E158-6D0A-4BEF-8471-FE5C864E7073"}, {"criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E"}], "operator": "OR"}]}], "sourceIdentifier": "secure@microsoft.com"}