CVE-2006-1302

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2006-1302 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by NSFOCUS Security Team.
The original article can be found at: http://www.nsfocus.com/english/homepage/research/0605.htm

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2006-1302

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Excel 2000
* Microsoft Excel XP
* Microsoft Excel 2003

Excel does not perform sufficient check for certain field when processing SELECTION record. During some data copying operation the user-supplied data might be used for the copying, resulting in memory corruption and arbitrary code execution.
Attackers can craft an Excel file with malformed SELECTION record and allure users to open it via instant messaging tools, e-mail or other vectors, resulting in arbitrary code execution with the privilege of the user. If the user is the administrator, then attackers might take complete control over the system.

CVE Information:
CVE-2006-1302

Disclosure Timeline:
2006.03.30 Informed the vendor
2006.04.03 Vendor confirmed the vulnerability
2006.07.11 Microsoft has released a security bulletin (MS06-037) and related patches.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus