Info

Disclosure

Jun 14, 2006

Discovery

Unknown

Dates

Exploit

Jun 14, 2006

Solution

Unknown

Description

Microsoft Excel contains a flaw related to a memory corruption error in the 'repair mode' functionality that may allow an attacker to execute remote arbitrary code. No further details have been provided.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation, Attack Type Unknown
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Virus / Malware
Disclosure: Vendor Verified, Uncoordinated Disclosure, Discovered in the Wild
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: don't open untrusted Excel documents.

Products

Microsoft Corporation	Excel	2000
		2002
		2003
		2004

References

Bugtraq ID: 18422
Milw0rm: 1944
Exploit Database: 1944
CVE ID: 2006-3059 (see also: NVD)
Secunia Advisory ID: 20686
SCIP VulDB ID: 2324
ISS X-Force ID: 27179
CERT VU: 802324
Microsoft Knowledge Base Article: 921365
VUPEN Advisory: ADV-2006-2361
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0464.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0034.html
Other Advisory URL: http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx
Generic Informational URL: http://securityresponse.symantec.com/avcenter/venc/data/downloader.booli.a.html
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.j.html
News Article: http://www.eweek.com/article2/0,1895,1977588,00.asp
http://www.eweek.com/article2/0,1895,1978835,00.asp
http://www.eweek.com/article2/0,1895,1987291,00.asp
Microsoft Security Bulletin: MS06-037

Credit

Unknown -

Direct URL: http://osvdb.org/26527

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Excel

References

Credit