CVE-2006-1304

Name of the Vulnerable Software and Affected Versions Microsoft Excel versions 2000 through 2003

Description A buffer overflow issue exists, allowing user-assisted attackers to execute arbitrary code via a crafted .xls file with a malformed COLINFO record. This triggers the overflow during a data filling operation. The issue results from the processing of a specially crafted Excel file, which could allow remote code execution.

Recommendations For Microsoft Excel versions 2000 through 2003, consider avoiding the use of .xls files from untrusted sources until a fix is available. As a temporary workaround, restrict the opening of Excel files with crafted COLINFO records to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.