CVSS: 9.3EPSS: 87%CPEs: 13EXPL: 0CVE-2006-1306
https://notcve.org/view.php?id=CVE-2006-1306
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." Microsoft Excel 2000 a 2004 permite a atacantes con implicación del usuario ejecutar código de su elección mediante un fichero .xls con un registro BIFF artesanal con un índice de array controlado por el atacante que es usado para un puntero a función, tcc "Vulnerabilidad de registro OBJECT malformado". • http://securitytracker.com/id?1016472 http://secway.org/advisory/AD20060711.txt http://www.securityfocus.com/archive/1/439884/100/0/threaded http://www.securityfocus.com/bid/18886 http://www.vupen.com/english/advisories/2006/2755 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A950 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 90%CPEs: 13EXPL: 0CVE-2006-2388 – Microsoft Office Excel File Rebuilding Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-2388
Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process. Microsoft Office Excel 2000 hasta la versión 2004 permite a atacantes asistidos por el usuario ejecutar código arbitrario a través de comentarios de celdas mal formadas, lo que conduce a modificación de "desplazamiento de datos críticos" durante el proceso de reconstrucción. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the rebuilding of malformed cell comments. When Excel encounters a malformed record it attempts to rebuild the broken meta-data. • http://securitytracker.com/id?1016472 http://www.securityfocus.com/archive/1/439786/100/0/threaded http://www.securityfocus.com/bid/18938 http://www.vupen.com/english/advisories/2006/2755 http://www.zerodayinitiative.com/advisories/ZDI-06-022.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037 https://exchange.xforce.ibmcloud.com/vulnerabilities/27604 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A234 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 70%CPEs: 11EXPL: 0CVE-2006-0029
https://notcve.org/view.php?id=CVE-2006-0029
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. • http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securityreason.com/securityalert/585 http://securityreason.com/securityalert/586 http://securitytracker.com/id?1015766 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.kb.cert.org/vuls/id/235774 http://www.osvdb.org/23900 http://www.us-cert.gov/cas/techalerts/TA06-073A.html http://www.vupen.com/english/advisories/2006/0950 https://docs.microsoft.com/en-us/security-upda •
CVSS: 5.1EPSS: 69%CPEs: 11EXPL: 1CVE-2006-0030 – Microsoft Excel 95 < 2004 - Malformed Graphic File Code Execution
https://notcve.org/view.php?id=CVE-2006-0030
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption. • https://www.exploit-db.com/exploits/27055 http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securitytracker.com/id?1015766 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.kb.cert.org/vuls/id/123222 http://www.osvdb.org/23901 http://www.securityfocus.com/bid/16181 http://www.us-cert.gov/cas/techalerts/TA06-073A.html http://www.vupen.com/english/advisories/2006/0950 https://docs.microsoft.com/en-us/security- •
CVSS: 5.1EPSS: 95%CPEs: 11EXPL: 0CVE-2006-0028 – Microsoft Excel File Format Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2006-0028
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. During the processing of malformed BOOLERR records, user-supplied data may be insecurely referenced thereby leading to the eventual execution of arbitrary code. • http://secunia.com/advisories/19138 http://secunia.com/advisories/19238 http://securityreason.com/securityalert/583 http://securitytracker.com/id?1015766 http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm http://www.kb.cert.org/vuls/id/339878 http://www.osvdb.org/23899 http://www.securityfocus.com/archive/1/427632/100/0/threaded http://www.us-cert.gov/cas/techalerts/TA06-073A.html http://www.vupen.com/english/advisories/2006/0950 http://www.zerodayinitiativ •