PT-2006-3349 · Microsoft · Office Excel

Arnaud Dovi

Published

2006-07-13

Updated

2018-10-18

CVE-2006-2388

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions 2000 through 2004

Description A remote code execution issue exists due to the processing of a malformed file. This allows attackers to execute arbitrary code via malformed cell comments, which lead to modification of critical data offsets during the rebuilding process. An attacker could exploit this by constructing a specially crafted Excel file.

Recommendations For Microsoft Office Excel versions 2000 through 2004, at the moment, there is no information about a newer version that contains a fix for this issue.

Fix

RCE

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2006-2388

Affected Products

Office Excel

PT-2006-3349 · Microsoft · Office Excel

CVE-2006-2388

Weakness Enumeration

Related Identifiers

Affected Products

References · 16