Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2388

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2006-2388
Last Modified 27 Sep 2011 12:00:00
Published 13 Jul 2006 05:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-2388

Summary

Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.

Vulnerable Systems

Application

  • Microsoft Excel 2000

  • Microsoft Excel 2002

  • Microsoft Excel 2003

  • Microsoft Excel 2004

  • Microsoft Excel Viewer 2003

  • Microsoft Excel X


References

BID - 18938

MS - MS06-037

XF - excel-chart-bo(27604)

XF - excel-cell-rebuilding-code-execution(27604)

MISC - http://www.zerodayinitiative.com/advisories/ZDI-06-022.html

VUPEN - ADV-2006-2755

BUGTRAQ - 20060711 ZDI-06-022: Microsoft Office Excel File Rebuilding Code Execution Vulnerability

SECTRACK - 1016472

Related Patches

Apple 2006-07-11 Microsoft Office 2004 Update 11.2.5 (Rev 4)

Apple 2007-05-29 Security Update QuickTime 7.1.6 (Rev 5)


Last Updated: 27 May 2016 10:42:26