MitreCVE-2005-4131CVE-2005-4131
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
98.2%
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka “Brand new Microsoft Excel Vulnerability,” as originally placed for sale on eBay as item number 7203336538.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | excel | 95 | cpe:2.3:a:microsoft:excel:95:*:*:*:*:*:*:* |
| microsoft | excel | 97 | cpe:2.3:a:microsoft:excel:97:*:*:*:*:*:*:* |
| microsoft | excel | 97 | cpe:2.3:a:microsoft:excel:97:sr1:*:*:*:*:*:* |
| microsoft | excel | 97 | cpe:2.3:a:microsoft:excel:97:sr2:*:*:*:*:*:* |
| microsoft | excel | 2000 | cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:* |
| microsoft | excel | 2000 | cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:* |
| microsoft | excel | 2000 | cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:* |
| microsoft | excel | 2000 | cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:* |
| microsoft | excel | 2002 | cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:* |
| microsoft | excel | 2002 | cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:* |
References
cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538
informationweek.com/story/showArticle.jhtml?articleID=174910198
news.com.com/2061-10789_3-5988086.html
news.zdnet.com/2100-1009_22-5989078.html
secunia.com/advisories/19138
secunia.com/advisories/19238
securityreason.com/securityalert/584
securityreason.com/securityalert/591
securitytracker.com/id?1015333
securitytracker.com/id?1015766
support.avaya.com/elmodocs2/security/ASA-2006-069.htm
www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/
www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614
www.kb.cert.org/vuls/id/642428
www.osvdb.org/blog/?p=71
www.securityfocus.com/archive/1/427635/100/0/threaded
www.securityfocus.com/archive/1/427698/100/0/threaded
www.securityfocus.com/bid/15780
www.securityfocus.com/news/11363
www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html
www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/
www.us-cert.gov/cas/techalerts/TA06-073A.html
www.vupen.com/english/advisories/2006/0950
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012
exchange.xforce.ibmcloud.com/vulnerabilities/23537
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
98.2%