9.3

CVE-2006-1304

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftExcel Version2000
MicrosoftExcel Version2000 Updatesp2
MicrosoftExcel Version2000 Updatesp3
MicrosoftExcel Version2000 Updatesr1
MicrosoftExcel Version2002
MicrosoftExcel Version2002 Updatesp1
MicrosoftExcel Version2002 Updatesp2
MicrosoftExcel Version2002 Updatesp3
MicrosoftExcel Version2003
MicrosoftExcel Version2003 Updatesp1
MicrosoftExcel Versionx Editionmac_os_x
MicrosoftExcel Viewer Version2003
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.88% 0.953
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

http://www.vupen.com/english/advisories/2006/2755
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037
http://securitytracker.com/id?1016472
http://www.nsfocus.com/english/homepage/research/0606.htm
Vendor Advisory
http://www.securityfocus.com/archive/1/439909/100/0/threaded
http://www.securityfocus.com/bid/18888
Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A545