CVE-2006-1302Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft Excel

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.3CRITICALNVD
EPSS
40.1%
top 2.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Excel Viewer
Timeline
PublishedJul 13
Latest updateMay 1

Description

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel5 versions+4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-57wr-7p77-ghxr: Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a2022-05-01
CVEList
CVE-2006-1302: Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a2006-07-13
CVE-2006-1302 — Microsoft Excel vulnerability | cvebase