Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0028

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0028
Last Modified 18 Apr 2011 12:00:00
Published 14 Mar 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0028

Summary

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.

Vulnerable Systems

Application

  • Microsoft Excel 2000

  • Microsoft Excel 2002

  • Microsoft Excel 2003

  • Microsoft Excel 2004

  • Microsoft Excel X

  • Microsoft Office 2000

  • Microsoft Office 2003

  • Microsoft Office 2004

  • Microsoft Office V.x

  • Microsoft Office Xp


References

CERT - TA06-073A

CERT-VN - VU#339878

MS - MS06-012

SECTRACK - 1015766

SECUNIA - 19138

XF - excel-parsing-format-file-bo(25225)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-004.html

VUPEN - ADV-2006-0950

BUGTRAQ - 20060314 ZDI-06-004: Microsoft Excel File Format Parsing Vulnerability

OSVDB - 23899

CONFIRM - http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

SREASON - 583

SECUNIA - 19238

Related Patches

MS06-012 905413 915057 Microsoft Office 2004 for Mac Update 11.2.3 (Rev 7)


Last Updated: 27 May 2016 10:41:30