Microsoft Excel Memory Corruption Vulnerabilities

vendor:

Excel

by:

SecurityFocus

9.3

CVSS

HIGH

Memory Corruption

119, 125

CWE

Product Name: Excel

Affected Version From: Microsoft Excel 2000

Affected Version To: Microsoft Excel 2003

Patch Exists: Yes

Related CWE: CVE-2006-0030, CVE-2006-0031

CPE: a:microsoft:excel

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2006

Microsoft Excel Memory Corruption Vulnerabilities

Microsoft Excel is susceptible to two unspecified memory-corruption vulnerabilities. The issues present themselves when Microsoft Excel tries to process malformed or corrupted XLS files. Attackers may exploit these issues to crash the affected application and possibly to execute arbitrary machine code.

Mitigation:

Microsoft has released security advisory MS06-012 addressing this and other issues.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15926/info

Microsoft Excel is susceptible to two unspecified memory-corruption vulnerabilities. The issues present themselves when Microsoft Excel tries to process malformed or corrupted XLS files.

Attackers may exploit these issues to crash the affected application and possibly to execute arbitrary machine code.

This BID will be updated and potentially split into separate records as further information is disclosed.

UPDATE (Mar 14, 2006): Microsoft has released security advisory MS06-012 addressing this and other issues.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27055-2.xls

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27055-1.xls