Vulnerabilities > CVE-2006-1308 - Remote Code Execution vulnerability in Microsoft Excel FNGROUPCOUNT Record
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 13 |
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_MS_06-037.NASL description The remote host is running a version of Microsoft Office that is affected by various flaws that may allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have it open it with Microsoft Excel or another Office application. last seen 2020-03-18 modified 2006-07-11 plugin id 22025 published 2006-07-11 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22025 title MS06-037 / MS06-038: Vulnerabilities in Microsoft Excel and Office Could Allow Remote Code Execution (917284 / 917285) (Mac OS X) NASL family Windows : Microsoft Bulletins NASL id SMB_NT_MS06-037.NASL description The remote host is running a version of Microsoft Excel that could allow arbitrary code to be run. To succeed, the attacker would have to send a rogue file to a user of the remote computer and have him open it with Microsoft Excel. last seen 2020-06-01 modified 2020-06-02 plugin id 22031 published 2006-07-11 reporter This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/22031 title MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Oval
| accepted | 2012-05-28T04:01:35.217-04:00 | ||||||||||||||||
| class | vulnerability | ||||||||||||||||
| contributors |
| ||||||||||||||||
| definition_extensions |
| ||||||||||||||||
| description | Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. | ||||||||||||||||
| family | windows | ||||||||||||||||
| id | oval:org.mitre.oval:def:243 | ||||||||||||||||
| status | accepted | ||||||||||||||||
| submitted | 2006-07-25T12:05:33 | ||||||||||||||||
| title | Microsoft Excel Malformed FNGROUPCOUNT value Vulnerability | ||||||||||||||||
| version | 12 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047837.html
- http://securitytracker.com/id?1016472
- http://www.securityfocus.com/bid/18890
- http://www.vupen.com/english/advisories/2006/2755
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27464
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A243