Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3014

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3014
Last Modified 03 Oct 2011 12:00:00
Published 21 Jun 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3014

Summary

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.

Vulnerable Systems

Application

  • Microsoft Excel


References

CERT - TA06-318A

BID - 19980

SECUNIA - 21865

XF - excel-shockwave-code-execution(27312)

VUPEN - ADV-2006-4507

VUPEN - ADV-2006-3577

VUPEN - ADV-2006-3573

BID - 18583

MISC - http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html

MS - MS06-069

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb06-11.html

SECTRACK - 1016344

SECUNIA - 22882

MISC - http://hackingspirits.com/vuln-rnd/vuln-rnd.html

FULLDISC - 20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit


Last Updated: 27 May 2016 10:42:51