Microsoft Excel Memory Validation Flaw May Let Remote Users Cause Arbitrary Code to Be Executed
|
|
SecurityTracker Alert ID: 1016316 |
|
SecurityTracker URL: http://securitytracker.com/id/1016316
|
|
CVE Reference:
CVE-2006-3059
(Links to External Site)
|
Updated: Jun 19 2006
|
Original Entry Date: Jun 16 2006
|
Impact:
Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): 2000, 2002, 2003; 2004 for Mac, v. X for Mac; Excel Viewer 2003
|
Description:
A vulnerability was reported in Microsoft Excel. A remote user may be able to cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Excel file that, when loaded by the target user, may be able to execute arbitrary code on the target system. The code will run with the privileges of the target user.
The vulnerability is due to improper memory validation.
|
Impact:
A remote user can create a file that, when loaded by the target user, may execute arbitrary code on the target user's system.
|
Solution:
No solution was available at the time of this entry.
Microsoft is working on a software update.
Microsoft has added detection to the Windows Live Safety Center for up-to-date removal of malicious software that attempts to exploit the vulnerability. The Windows Live Safety Center is located at:
http://safety.live.com/
Microsoft has described some workarounds in their advisory.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/advisory/921365.mspx
The original Microsoft blog notice is available at:
http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx
|
Vendor URL: www.microsoft.com/technet/security/advisory/921365.mspx (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS: UNIX (macOS/OS X), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
