Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4131

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2005-4131
Last Modified 15 Apr 2011 12:00:00
Published 09 Dec 2005 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2005-4131

Summary

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

Vulnerable Systems

Application

  • Microsoft Excel 2000

  • Microsoft Excel 2002

  • Microsoft Excel 2003

  • Microsoft Excel 95

  • Microsoft Excel 97


References

CERT - TA06-073A

CERT-VN - VU#642428

BID - 15780

XF - excel-msvcrt-memmove-bo(23537)

VUPEN - ADV-2006-0950

MISC - http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/

MISC - http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html

MISC - http://www.securityfocus.com/news/11363

BUGTRAQ - 20060315 [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution

BUGTRAQ - 20060314 High Risk Vulnerability in Microsoft Excel

MISC - http://www.osvdb.org/blog/?p=71

MS - MS06-012

MISC - http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614

MISC - http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

SECTRACK - 1015766

SECTRACK - 1015333

SREASON - 591

SREASON - 584

SECUNIA - 19238

SECUNIA - 19138

MISC - http://news.zdnet.com/2100-1009_22-5989078.html

MISC - http://news.com.com/2061-10789_3-5988086.html

MISC - http://informationweek.com/story/showArticle.jhtml?articleID=174910198

MISC - http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538

Related Patches

MS06-012 905413 915057 Microsoft Office 2004 for Mac Update 11.2.3 (Rev 7)


Last Updated: 27 May 2016 10:41:11