CVE-2006-1306Code Injection in Microsoft Excel

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
42.4%
top 2.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Excel Viewer
Timeline
PublishedJul 13
Latest updateMay 1

Description

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel5 versions+4

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-hxvv-cfhj-6j8r: Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a2022-05-01
CVEList
CVE-2006-1306: Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a2006-07-13
CVE-2006-1306 — Code Injection in Microsoft Excel | cvebase