CVSS: 9.3EPSS: 89%CPEs: 13EXPL: 0CVE-2006-1309
https://notcve.org/view.php?id=CVE-2006-1309
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. Microsoft Excel 2000 a 2004 permite a atacantes con la implicación del usuario ejecutar código arbitrario mediante un fichero .xls con una etiqueta LABEL artesanal que dispara una corrupción de memoria. • http://securitytracker.com/id?1016472 http://www.securityfocus.com/bid/18910 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A752 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 89%CPEs: 13EXPL: 0CVE-2006-1301
https://notcve.org/view.php?id=CVE-2006-1301
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. Microsoft Excel 2000 a 2004 permite a atacantes con la implicación del usuario ejecutar código de su elección mediante un fichero .xls con un registro SELECTION artesanal que dispara una corrupción de memoria, una vulnerabilidad diferente de CVE-2006-1302. • http://securitytracker.com/id?1016472 http://www.securityfocus.com/bid/18853 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A557 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 86%CPEs: 13EXPL: 0CVE-2006-1302
https://notcve.org/view.php?id=CVE-2006-1302
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." Desbordamiento de búfer en Microsoft Excel 2000 a 2003 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un fichero .xls con ciertos campos artesanales en un campo SELECTION, lo que dispara una corrupción de memoria, también conocida como "Vulnerabilidad de registro SELECTION malformado". • http://securityreason.com/securityalert/1238 http://securitytracker.com/id?1016472 http://www.nsfocus.com/english/homepage/research/0605.htm http://www.securityfocus.com/archive/1/439914/100/0/threaded http://www.securityfocus.com/bid/18885 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A379 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 87%CPEs: 12EXPL: 0CVE-2006-1304
https://notcve.org/view.php?id=CVE-2006-1304
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." Desbordamiento de búfer en Microsoft Excel 2000 hasta 2003 permite a atacantes con la intervención del usuario ejecutar código de su elección mediante un fichero .xls con un registro COLINFO artesanal, lo que dispara el desbordamiento durante una "operación de relleno de datos" • http://securitytracker.com/id?1016472 http://www.nsfocus.com/english/homepage/research/0606.htm http://www.securityfocus.com/archive/1/439909/100/0/threaded http://www.securityfocus.com/bid/18888 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A545 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 86%CPEs: 13EXPL: 0CVE-2006-1308
https://notcve.org/view.php?id=CVE-2006-1308
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. Vulnerabilidad no especificada en Microsoft Excel 2000 a 2004 permite a atacantes con implicación del usuario ejecutar código de su elección mediante un fichero .xls con un valor FNGROUPCOUNT. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047837.html http://securitytracker.com/id?1016472 http://www.securityfocus.com/bid/18890 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://exchange.xforce.ibmcloud.com/vulnerabilities/27464 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A243 • CWE-94: Improper Control of Generation of Code ('Code Injection') •