CVE-2006-1304

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2006-1304 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by NSFOCUS Security Team .
The original article can be found at: http://www.nsfocus.com/english/homepage/research/0606.htm

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2006-1304

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Excel 2000
* Microsoft Excel 2002
* Microsoft Excel 2003

Excel does not perform sufficient check for certain field when processing COLINFO record, which might cause a buffer overflow vulnerability in data filling operation. Attackers can run arbitrary via carefully craft data.

Attackers can craft an Excel file with malformed COLINFO record and allure users to open it via instant messaging tools, e-mail or other vectors, resulting in arbitrary code execution with the privilege of the user. If the user is the administrator, then attackers might take complete control over the system.

CVE Information:
CVE-2006-1304

Disclosure Timeline:
2006.03.30 Informed the vendor
2006.04.03 Vendor confirmed the vulnerability
2006.07.11 Microsoft has released a security bulletin (MS06-037) and related patches.

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus