5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.591 Medium
EPSS
Percentile
97.7%
Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft Excel contains an unspecified vulnerability that could be exploited when Excel opens a specially crafted Lotus 1-2-3 document. This vulnerability affects both Windows and Mac versions of Excel.
By convincing a user to open a specially crafted Lotus 1-2-3 document, an attacker could execute arbitrary code with the privileges of the user running Excel. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system. This vulnerability may also cause Excel to crash.
Apply an update
This vulnerability is addressed in Microsoft Security Bulletin MS06-059.
Do not open untrusted Lotus 1-2-3 documents
Do not open unfamiliar or unexpected Lotus 1-2-3 or other Office documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.
821772
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: October 10, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see Microsoft Security Bulletin MS06-059.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23821772 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was publicly disclosed by Benjamin Tobias Franz.
This document was written by Will Dormann.
CVE IDs: | CVE-2006-3867 |
---|---|
Severity Metric: | 38.73 Date Public: |