CVE-2006-1309Code Injection in Microsoft Excel

CWE-94Code Injection3 documents3 sources
Severity
9.3CRITICALNVD
EPSS
37.9%
top 2.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ExcelMicrosoft Excel Viewer
Timeline
PublishedJul 13
Latest updateMay 1

Description

Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVDmicrosoft/excel5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-rghv-27h7-hvxg: Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a2022-05-01
CVEList
CVE-2006-1309: Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a2006-07-13
CVE-2006-1309 — Code Injection in Microsoft Excel | cvebase