Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:BD409D18889D0785664D18B344B80112
HistoryJun 21, 2006 - 12:00 a.m.

Microsoft Excel URL unicode buffer overflow

2006-06-2100:00:00
SAINT Corporation
download.saintcorporation.com
10

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.34 Low

EPSS

Percentile

96.6%

JSON

Added: 06/21/2006
CVE: CVE-2006-3086
BID: 18500
OSVDB: 26666

Background

Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.

Problem

A buffer overflow in Excel when processing long URL strings allows command execution when a user clicks on a specially crafted link within a spreadsheet.

Resolution

Do not open Excel files from untrusted sources.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0391.html&gt;

Limitations

Exploit works on Microsoft Excel 2002. In order for exploitation to occur, a user must download and open the exploit file and click on the Click Here link. Note that on Windows XP, a pop-up window comes up after the click, and the user must click on either button to trigger the exploit.

Platforms

Windows 2000
Windows XP

Related

securityvulns 3
saint 3
seebug 1
cert 1
cve 3
nessus 1
checkpoint_advisories 1
securityvulns
securityvulns
[Full-disclosure] TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
2006-08-09 00:00:00
TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability
2006-08-10 00:00:00
Microsoft Security Bulletin MS06-050 Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution &#40;920670&#41;
2006-08-09 00:00:00
saint
saint
Microsoft Excel URL unicode buffer overflow
2006-06-21 00:00:00
Microsoft Excel URL unicode buffer overflow
2006-06-21 00:00:00
Microsoft Excel URL unicode buffer overflow
2006-06-21 00:00:00
seebug
seebug
Microsoft Windows Hyperlink Object Library Remote Code Execution(MS06-050)
2006-10-24 00:00:00
cert
cert
Microsoft Hyperlink Object Library stack buffer overflow
2006-06-21 00:00:00
cve
cve
CVE-2006-3086
2006-06-19 19:02:00
CVE-2006-3059
2006-06-17 13:18:00
CVE-2006-3431
2006-07-07 18:05:00
nessus
nessus
MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
2006-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Microsoft Excel Crafted URL Unicode Buffer Overflow (MS06-050; CVE-2006-3086; CVE-2011-0104)
2011-02-24 00:00:00

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.34 Low

EPSS

Percentile

96.6%

JSON
Related for SAINT:BD409D18889D0785664D18B344B80112
securityvulns3saint3seebug1cert1cve3nessus1checkpoint_advisories1