CVE-2006-1301Code Injection in Microsoft Excel

CWE-94Code Injection7 documents5 sources
Severity
9.3CRITICALNVD
EPSS
37.9%
top 2.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Excel Viewer
Timeline
PublishedJul 13
Latest updateMay 1

Description

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-26g2-mv7p-7j93: Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a2022-05-01
CVEList
CVE-2006-1301: Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a2006-07-13
VulnCheck
Microsoft Excel Improper Control of Generation of Code ('Code Injection')2006

💥Exploits & PoCs

2
Exploit-DB
MailEnable Professional/Enterprise 2.37 - 'APPEND' Remote Buffer Overflow2007-03-02
Exploit-DB
X11R6 < 6.4 XKEYBOARD (sco x86) - Local Buffer Overflow2006-09-08
CVE-2006-1301 — Code Injection in Microsoft Excel | cvebase