7.2 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.583 Medium
EPSS
Percentile
97.7%
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:excel | microsoft excel | eq | * |
archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html
hackingspirits.com/vuln-rnd/vuln-rnd.html
secunia.com/advisories/21865
secunia.com/advisories/22882
securitytracker.com/id?1016344
www.adobe.com/support/security/bulletins/apsb06-11.html
www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
www.securityfocus.com/bid/18583
www.securityfocus.com/bid/19980
www.us-cert.gov/cas/techalerts/TA06-318A.html
www.vupen.com/english/advisories/2006/3573
www.vupen.com/english/advisories/2006/3577
www.vupen.com/english/advisories/2006/4507
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
exchange.xforce.ibmcloud.com/vulnerabilities/27312
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538