Vulnerabilities > CVE-2006-0029 - Unspecified vulnerability in Microsoft Excel and Office
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
nessus
Summary
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS06-012.NASL |
description | The remote host is running a version of Microsoft Office that could allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it. Then a bug in the font parsing handler would result in code execution. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 21078 |
published | 2006-03-14 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/21078 |
title | MS06-012: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413) |
code |
|
Oval
accepted 2012-05-28T04:01:03.268-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. family windows id oval:org.mitre.oval:def:1522 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Excel 2002 Remote Code Execution via Malformed Description version 6 accepted 2006-05-03T10:06:00.000-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. definition_extensions comment Microsoft Excel Viewer 2003 is installed oval oval:org.mitre.oval:def:439 description Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. family windows id oval:org.mitre.oval:def:1570 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Excel Viewer 2003 Remote Code Execution via Malformed Description version 5 accepted 2012-05-28T04:01:19.831-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Matthew Wojcik organization The MITRE Corporation name Matthew Wojcik organization The MITRE Corporation name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. family windows id oval:org.mitre.oval:def:1579 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Excel 2003 Remote Code Execution via Malformed Description version 6 accepted 2012-05-28T04:01:20.452-04:00 class vulnerability contributors name Robert L. Hollis organization ThreatGuard, Inc. name Robert L. Hollis organization ThreatGuard, Inc. name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc.
description Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. family windows id oval:org.mitre.oval:def:1633 status accepted submitted 2006-03-15T10:53:00.000-04:00 title Excel 2000 Remote Code Execution via Malformed Description version 5
References
- http://www.kb.cert.org/vuls/id/235774
- http://securitytracker.com/id?1015766
- http://secunia.com/advisories/19138
- http://www.us-cert.gov/cas/techalerts/TA06-073A.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm
- http://secunia.com/advisories/19238
- http://www.osvdb.org/23900
- http://securityreason.com/securityalert/585
- http://securityreason.com/securityalert/586
- http://www.vupen.com/english/advisories/2006/0950
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25227
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1633
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1579
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1570
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1522
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012