CVE-2006-1308

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 through 2004

Description The issue allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. A remote code execution vulnerability exists in Excel due to the processing of a malformed FNGROUPCOUNT value file. An attacker could exploit this by constructing a specially crafted Excel file, potentially allowing remote code execution.

Recommendations For Microsoft Excel versions 2000 through 2004, consider avoiding the use of .xls files with crafted FNGROUPCOUNT values until a fix is available. As a temporary workaround, restrict the opening of specially crafted Excel files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.