CVE-2006-1304 — Code Injection in Microsoft Excel

CWE-94 — Code Injection3 documents3 sources

Severity

9.3CRITICALNVD

EPSS

43.6%

top 2.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Excel Microsoft Excel Viewer

Timeline

PublishedJul 13

Latest updateMay 1

Description

Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶NVDmicrosoft/excel4 versions+3

▶NVDmicrosoft/excel_viewer2003

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-2gfm-8cgv-xpwx: Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a↗2022-05-01

▶

CVEList

CVE-2006-1304: Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a↗2006-07-13

▶