Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:5A177D8613AF0B419D756AEFC4970DD5
HistoryJun 21, 2006 - 12:00 a.m.

Microsoft Excel URL unicode buffer overflow

2006-06-2100:00:00
SAINT Corporation
my.saintcorporation.com
14

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.415 Medium

EPSS

Percentile

97.2%

JSON

Added: 06/21/2006
CVE: CVE-2006-3086
BID: 18500
OSVDB: 26666

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow in Excel when processing long URL strings allows command execution when a user clicks on a specially crafted link within a spreadsheet.

Resolution

Do not open Excel files from untrusted sources.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0391.html&gt;

Limitations

Exploit works on Microsoft Excel 2002. In order for exploitation to occur, a user must download and open the exploit file and click on the Click Here link. Note that on Windows XP, a pop-up window comes up after the click, and the user must click on either button to trigger the exploit.

Platforms

Windows 2000
Windows XP

Related

securityvulns 3
seebug 1
cert 1
saint 3
cve 3
nessus 1
checkpoint_advisories 1
securityvulns
securityvulns
[Full-disclosure] TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
2006-08-09 00:00:00
TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
2006-08-10 00:00:00
Microsoft Security Bulletin MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution &#40;920670&#41;
2006-08-09 00:00:00
seebug
seebug
Microsoft Windows Hyperlink Object Library Remote Code Execution(MS06-050)
2006-10-24 00:00:00
cert
cert
Microsoft Hyperlink Object Library stack buffer overflow
2006-06-21 00:00:00
saint
saint
Microsoft Excel URL unicode buffer overflow
2006-06-21 00:00:00
Microsoft Excel URL unicode buffer overflow
2006-06-21 00:00:00
Microsoft Excel URL unicode buffer overflow
2006-06-21 00:00:00
cve
cve
CVE-2006-3086
2006-06-19 19:02:00
CVE-2006-3059
2006-06-17 13:18:00
CVE-2006-3431
2006-07-07 18:05:00
nessus
nessus
MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
2006-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Crafted URL Unicode Buffer Overflow (MS06-050; CVE-2006-3086; CVE-2011-0104)
2011-02-24 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.415 Medium

EPSS

Percentile

97.2%

JSON
Related for SAINT:5A177D8613AF0B419D756AEFC4970DD5
securityvulns3seebug1cert1saint3cve3nessus1checkpoint_advisories1