Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3431


Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3431
Last Modified 07 Mar 2011 09:38:38
Published 07 Jul 2006 02:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.

Vulnerable Systems


  • Microsoft Excel


VUPEN - ADV-2006-2689

BID - 18872

HP - SSRT061264

BUGTRAQ - 20060707 Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs

BUGTRAQ - 20060703 Excel 2000/XP/2003 Style 0day POC

MS - MS06-059

SECTRACK - 1016430

SECUNIA - 20268

BUGTRAQ - 20060711 New CVE number states Excel Style handling as a separate issue

HP - HPSBST02161

Related Patches

MS06-058 924163 MS06-059 924164 MS06-060 924554 MS06-062 922581 924999 Microsoft Office 2004 Update 11.3.0 (Rev 6)

Last Updated: 27 May 2016 10:44:52