Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2387

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-2387
Last Modified 07 Mar 2011 12:00:00
Published 10 Oct 2006 06:07:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-2387

Summary

Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.

Vulnerable Systems

Application

  • Microsoft Office 2000

  • Microsoft Office 2001

  • Microsoft Office 2003

  • Microsoft Office 2004

  • Microsoft Office V.x


References

CERT-VN - VU#706668

MS - MS06-059

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-033.html

VUPEN - ADV-2006-3978

BID - 20344

HP - SSRT061264

BUGTRAQ - 20061010 ZDI-06-033: Microsoft Office Excel File Format DATETIME Record Parsing Vulnerability

SECTRACK - 1017031

HP - HPSBST02161

Related Patches

MS06-058 924163 MS06-059 924164 MS06-060 924554 MS06-062 922581 924999 Microsoft Office 2004 Update 11.3.0 (Rev 6)


Last Updated: 27 May 2016 10:42:35