Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2006-2388 CVE-2006-1309 CVE-2006-1308 CVE-2006-1306 CVE-2006-1304 CVE-2006-1302 CVE-2006-1301 CVE-2006-3059 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | Vulnerability #6 is being exploited in the wild. Vulnerability #7 is being exploited in the wild. Vulnerability #8 is being exploited in the wild. |
Vulnerable software | Excel Viewer (Client/Desktop applications / Office applications); Microsoft Excel (Client/Desktop applications / Office applications); Microsoft Excel for Mac (Client/Desktop applications / Office applications); Microsoft Office for Mac (Client/Desktop applications / Office applications); Microsoft Office (Client/Desktop applications / Office applications) |
Vendor | Microsoft |
Security Bulletin
This security bulletin describes 8 vulnerabilities in Microsoft Excel, which can be exploited to compromise a vulnerable system.
EUVDB-ID: #VU1201
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2006-2388
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1200
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2006-1309
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed LABEL record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1199
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2006-1308
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed FNGROUPCOUNT value in an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1198
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2006-1306
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed OBJECT record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1197
Risk: High
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2006-1304
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed COLINFO record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1196
Risk: High
CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber]
CVE-ID: CVE-2006-1302
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed SELECTION record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU1177
Risk: Critical
CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2006-1301
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed SELECTION record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Note: this vulnerability was being actively exploited.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Excel Viewer: 2003
Microsoft Excel: 2000 - 2003
Microsoft Excel for Mac: v.X - 2004
Microsoft Office for Mac: 2004
Microsoft Office: XP - 2003
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU1176
Risk: Critical
CVSSv4.0: 8.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2006-3059
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
Description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to a stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName() function. By persuading the victim to open a specially crafted Excel file, a remote attacker can cause DoS conditions or execute arbitrary code via a long hyperlink.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Mitigation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Microsoft Excel for Mac: v.X - 2004
Microsoft Excel: 2000 - 2003
Microsoft Office: XP - 2003
Microsoft Office for Mac: 2004
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.