Vulnerability-Lookup

CVE-2006-3059 (GCVE-0-2006-3059)

Vulnerability from cvelistv5 – Published: 2006-06-17 05:00 – Updated: 2024-08-07 18:16

Summary

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.kb.cert.org/vuls/id/802324	third-party-advisoryx_refsource_CERT-VN
	http://www.securityfocus.com/archive/1/437636/100…	mailing-listx_refsource_BUGTRAQ
	https://docs.microsoft.com/en-us/security-updates…	vendor-advisoryx_refsource_MS
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://blogs.securiteam.com/?p=451	x_refsource_MISC
	http://www.osvdb.org/26527	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/20686	third-party-advisoryx_refsource_SECUNIA
	http://www.us-cert.gov/cas/techalerts/TA06-167A.html	third-party-advisoryx_refsource_CERT
	http://isc.sans.org/diary.php?storyid=1420	x_refsource_MISC
	http://securitytracker.com/id?1016316	vdb-entryx_refsource_SECTRACK
	http://blogs.technet.com/msrc/archive/2006/06/16/…	x_refsource_CONFIRM
	http://www.vupen.com/english/advisories/2006/2755	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/18422	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/437936/100…	mailing-listx_refsource_BUGTRAQ
	http://www.us-cert.gov/cas/techalerts/TA06-192A.html	third-party-advisoryx_refsource_CERT
	http://www.vupen.com/english/advisories/2006/2361	vdb-entryx_refsource_VUPEN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:16:05.579Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#802324",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/802324"
          },
          {
            "name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
          },
          {
            "name": "MS06-037",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
          },
          {
            "name": "oval:org.mitre.oval:def:537",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
          },
          {
            "name": "excel-unspecified-code-execution(27179)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.securiteam.com/?p=451"
          },
          {
            "name": "26527",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26527"
          },
          {
            "name": "20686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20686"
          },
          {
            "name": "TA06-167A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://isc.sans.org/diary.php?storyid=1420"
          },
          {
            "name": "1016316",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016316"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
          },
          {
            "name": "ADV-2006-2755",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2755"
          },
          {
            "name": "18422",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18422"
          },
          {
            "name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
          },
          {
            "name": "TA06-192A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
          },
          {
            "name": "ADV-2006-2361",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2361"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-16T04:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "VU#802324",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/802324"
        },
        {
          "name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
        },
        {
          "name": "MS06-037",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
        },
        {
          "name": "oval:org.mitre.oval:def:537",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
        },
        {
          "name": "excel-unspecified-code-execution(27179)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.securiteam.com/?p=451"
        },
        {
          "name": "26527",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26527"
        },
        {
          "name": "20686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20686"
        },
        {
          "name": "TA06-167A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://isc.sans.org/diary.php?storyid=1420"
        },
        {
          "name": "1016316",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016316"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
        },
        {
          "name": "ADV-2006-2755",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2755"
        },
        {
          "name": "18422",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18422"
        },
        {
          "name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
        },
        {
          "name": "TA06-192A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
        },
        {
          "name": "ADV-2006-2361",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2361"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3059",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#802324",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/802324"
            },
            {
              "name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
            },
            {
              "name": "MS06-037",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
            },
            {
              "name": "oval:org.mitre.oval:def:537",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
            },
            {
              "name": "excel-unspecified-code-execution(27179)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
            },
            {
              "name": "http://blogs.securiteam.com/?p=451",
              "refsource": "MISC",
              "url": "http://blogs.securiteam.com/?p=451"
            },
            {
              "name": "26527",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26527"
            },
            {
              "name": "20686",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20686"
            },
            {
              "name": "TA06-167A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
            },
            {
              "name": "http://isc.sans.org/diary.php?storyid=1420",
              "refsource": "MISC",
              "url": "http://isc.sans.org/diary.php?storyid=1420"
            },
            {
              "name": "1016316",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016316"
            },
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
            },
            {
              "name": "ADV-2006-2755",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2755"
            },
            {
              "name": "18422",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18422"
            },
            {
              "name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
            },
            {
              "name": "TA06-192A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
            },
            {
              "name": "ADV-2006-2361",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2361"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3059",
    "datePublished": "2006-06-17T05:00:00.000Z",
    "dateReserved": "2006-06-16T04:00:00.000Z",
    "dateUpdated": "2024-08-07T18:16:05.579Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2006-3059

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3059

Aliases

CVE-2006-3059

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3059",
    "description": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086.",
    "id": "GSD-2006-3059"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3059"
      ],
      "details": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086.",
      "id": "GSD-2006-3059",
      "modified": "2023-12-13T01:19:57.166398Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3059",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#802324",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/802324"
          },
          {
            "name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
          },
          {
            "name": "MS06-037",
            "refsource": "MS",
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
          },
          {
            "name": "oval:org.mitre.oval:def:537",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
          },
          {
            "name": "excel-unspecified-code-execution(27179)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
          },
          {
            "name": "http://blogs.securiteam.com/?p=451",
            "refsource": "MISC",
            "url": "http://blogs.securiteam.com/?p=451"
          },
          {
            "name": "26527",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/26527"
          },
          {
            "name": "20686",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20686"
          },
          {
            "name": "TA06-167A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
          },
          {
            "name": "http://isc.sans.org/diary.php?storyid=1420",
            "refsource": "MISC",
            "url": "http://isc.sans.org/diary.php?storyid=1420"
          },
          {
            "name": "1016316",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1016316"
          },
          {
            "name": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx",
            "refsource": "CONFIRM",
            "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
          },
          {
            "name": "ADV-2006-2755",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2755"
          },
          {
            "name": "18422",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/18422"
          },
          {
            "name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
          },
          {
            "name": "TA06-192A",
            "refsource": "CERT",
            "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
          },
          {
            "name": "ADV-2006-2361",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2361"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2004:*:mac_os_x:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3059"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
            },
            {
              "name": "VU#802324",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/802324"
            },
            {
              "name": "18422",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/18422"
            },
            {
              "name": "1016316",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1016316"
            },
            {
              "name": "20686",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20686"
            },
            {
              "name": "TA06-167A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
            },
            {
              "name": "http://isc.sans.org/diary.php?storyid=1420",
              "refsource": "MISC",
              "tags": [],
              "url": "http://isc.sans.org/diary.php?storyid=1420"
            },
            {
              "name": "26527",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/26527"
            },
            {
              "name": "http://blogs.securiteam.com/?p=451",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.securiteam.com/?p=451"
            },
            {
              "name": "TA06-192A",
              "refsource": "CERT",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
            },
            {
              "name": "ADV-2006-2755",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2755"
            },
            {
              "name": "ADV-2006-2361",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2361"
            },
            {
              "name": "excel-unspecified-code-execution(27179)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
            },
            {
              "name": "oval:org.mitre.oval:def:537",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
            },
            {
              "name": "MS06-037",
              "refsource": "MS",
              "tags": [],
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
            },
            {
              "name": "20060621 Excel 0-day FAQ updated with Microsoft advisory information",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
            },
            {
              "name": "20060618 Microsoft Excel 0-day Vulnerability FAQ document written",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2018-10-18T16:45Z",
      "publishedDate": "2006-06-17T13:18Z"
    }
  }
}

FKIE_CVE-2006-3059

Vulnerability from fkie_nvd - Published: 2006-06-17 13:18 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://blogs.securiteam.com/?p=451
cve@mitre.org	http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx
cve@mitre.org	http://isc.sans.org/diary.php?storyid=1420
cve@mitre.org	http://secunia.com/advisories/20686	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1016316
cve@mitre.org	http://www.kb.cert.org/vuls/id/802324	US Government Resource
cve@mitre.org	http://www.osvdb.org/26527
cve@mitre.org	http://www.securityfocus.com/archive/1/437636/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/437936/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/18422
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-167A.html	US Government Resource
cve@mitre.org	http://www.us-cert.gov/cas/techalerts/TA06-192A.html	US Government Resource
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2361	Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2755	Vendor Advisory
cve@mitre.org	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27179
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537
af854a3a-2127-422b-91ae-364da2661108	http://blogs.securiteam.com/?p=451
af854a3a-2127-422b-91ae-364da2661108	http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx
af854a3a-2127-422b-91ae-364da2661108	http://isc.sans.org/diary.php?storyid=1420
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20686	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1016316
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/802324	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/26527
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/437636/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/437936/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/18422
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-167A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.us-cert.gov/cas/techalerts/TA06-192A.html	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2361	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2755	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27179
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537

Impacted products

Vendor	Product	Version
microsoft	excel	2000
microsoft	excel	2000
microsoft	excel	2000
microsoft	excel	2000
microsoft	excel	2002
microsoft	excel	2002
microsoft	excel	2002
microsoft	excel	2002
microsoft	excel	2003
microsoft	excel	2003
microsoft	excel	2004
microsoft	excel_viewer	2003

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:*:*:*:*:*:*:*",
              "matchCriteriaId": "F55D42D5-7371-47C2-BF55-B7F51C19B61E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D4FBEB90-1BF2-4E84-9A74-EAD226AAA0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "439B26BA-376C-4D6B-B7BA-B66B8BDA8E37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2000:sr1:*:*:*:*:*:*",
              "matchCriteriaId": "27C6E1BC-406E-4B0B-B513-33226AC4482D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:*:*:*:*:*:*:*",
              "matchCriteriaId": "082D3262-87E3-4245-AD9C-02BE0871FA3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "C619E79B-90FB-4812-B0F3-115B47498492",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "EC893353-909C-49A8-8C3A-AD325C1D365D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2002:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "896E23B1-AB34-43FF-96F3-BA6ED7F162AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F79E0AB-7081-4F97-BFE4-9AF84F643B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2003:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "9AED7433-3C95-4868-B05D-244149E0E33E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel:2004:*:mac_os_x:*:*:*:*:*",
              "matchCriteriaId": "B29EBC56-422C-45DF-B241-FA3EF1F7A8EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:microsoft:excel_viewer:2003:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB0020C-A804-4003-B411-1AC7A6E7193E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en Microsoft Excel v2000 hasta la v2004 que permite a usuarios atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de vectores desconocidos. NOTA: esta es una vulnerabilidad diferente de CVE-2006-3086."
    }
  ],
  "id": "CVE-2006-3059",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2006-06-17T13:18:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.securiteam.com/?p=451"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://isc.sans.org/diary.php?storyid=1420"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20686"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016316"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/802324"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/26527"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18422"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2361"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2755"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.securiteam.com/?p=451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://isc.sans.org/diary.php?storyid=1420"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/802324"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/26527"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18422"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2361"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2755"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTA-2006-ALE-007

Vulnerability from certfr_alerte - Published: 2006-06-16 - Updated: 2006-07-12

Une vulnérabilité non corrigée dans Microsoft Excel permettrait à un utilisateur mal intentionné de faire exécuter du code arbitraire ou de provoquer un déni de service sur la machine d'un utilisateur ouvrant un fichier au format xls.

Description

Une vulnérabilité de nature pour le moment inconnue dans Microsoft Excel permettrait à un utilisateur mal intentionné d'exécuter du code arbitraire ou de provoquer un déni de service. Cette vulnérabilité ferait l'objet d'une utilisation par du code malveillant véhiculé via du pourriel ( « spam » ) sur l'Internet. Elle est exploitable par le biais d'un fichier xls construit de façon particulière. Cependant, l'attaque ne peut aboutir que si l'utilisateur décide d'ouvrir le fichier Excel.

Contournements provisoires

5.1 N'ouvrir que les documents provenant de sources de confiance

A la réception d'un document au format xls via la messagerie électronique ou par tout autre support (URL, clef USB, disquette, etc...), il est nécessaire de s'assurer de la provenance de ce fichier et de ne l'ouvrir que si la source est de confiance.

5.2 Utiliser un logiciel alternatif

Il est possible d'utiliser un tableur alternatif non affecté par la vulnérabilité comme Gnumeric ou celui de OpenOffice.org.

5.3 Contournement spécifique à Excel 2003

Microsoft Excel doit passer en mode «Repair» pour mettre en œuvre la vulnérabilité. Aussi, dans l'attente d'un correctif, il est recommandé de désactiver cette fonctionnalité de mode « Repair » en modifiant des clefs de la base de registres. Il est cependant important de noter qu'une erreur de modification dans la base de registres peut entraîner des dysfonctionnements voir la nécessité de réinstaller la machine.

sous windows 2000 :

cliquer sur Démarrer puis Exécuter. taper regedt32 et cliquer sur ok ;
éditer la clef HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Resiliency (si cette clef n'existe pas, la créer) ;
cliquer sur Editer puis permissions ;
cliquer afin de décocher la case Allow Inheritable Permissions from the parent to propagate to this object. cliquer alors sur Supprimer puis OK ;
un message d'avertissement apparaît alors, cliquer sur Oui.

sous windows XP Service Pack 1 et suivant :

cliquer sur Démarrer puis Exécuter. taper regedt32 et cliquer sur ok ;
éditer la clef HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Resiliency (si cette clef n'existe pas, la créer) ;
cliquer sur Editer puis permissions ;
cliquer afin de décocher la case Inherit from the parent the permission entries that apply to child objects. Include these with entries explicitly defined here. cliquer alors sur Supprimer puis OK ;
un message d'avertissement apparaît alors, cliquer sur Oui.

NB: Le mode « Repair » de Microsoft Excel a pour fonction de récupérer les documents Excel endommagés. En appliquant ce contournement provisoire, il sera impossible d'utiliser cette fonctionnalité de récupération.

Solution

Se référer au bulletin de sécurité de l'éditeur et à l'avis de sécurité du CERTA pour l'obtention du correctif.

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Microsoft Excel version X pour Mac.
Microsoft	N/A	Microsoft Excel 2002 Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2004 pour Mac ;
Microsoft	N/A	Microsoft Excel 2003 Service Pack 1 ;
Microsoft	N/A	Microsoft Excel Viewer 2003 ;
Microsoft	Office	Microsoft Office 2000 ;
Microsoft	Office	Microsoft Office XP ;
Microsoft	Office	Microsoft Office 2003 ;
Microsoft	N/A	Microsoft Excel 2000 Service Pack 3 ;
Microsoft	N/A	Microsoft Excel 2003 Service Pack 2 ;

References

Title

Publication Time

Tags

Article sur le site du Microsoft Security Response Center	None	vendor-advisory
Bulletin de sécurité Microsoft MS06-037 du 11 juillet 2006 :	-	other
Bulletin de sécurité Microsoft MS06-037 du 11 juillet 2006 :	-	other
Site du Microsoft Security Response Center :	-	other
Avis de sécurité du CERTA du 12 juillet 2006 :	-	other
Bulletin du SANS du 16 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Excel version X pour Mac.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2002 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2004 pour Mac ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2003 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel Viewer 2003 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office XP ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2000 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Excel 2003 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "closed_at": "2006-07-12",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de nature pour le moment inconnue dans Microsoft Excel\npermettrait \u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire ou de provoquer un d\u00e9ni de service. Cette vuln\u00e9rabilit\u00e9\nferait l\u0027objet d\u0027une utilisation par du code malveillant v\u00e9hicul\u00e9 via du\npourriel ( \u00ab spam \u00bb ) sur l\u0027Internet. Elle est exploitable par le biais\nd\u0027un fichier xls construit de fa\u00e7on particuli\u00e8re. Cependant, l\u0027attaque\nne peut aboutir que si l\u0027utilisateur d\u00e9cide d\u0027ouvrir le fichier Excel.\n\n## Contournements provisoires\n\n## 5.1 N\u0027ouvrir que les documents provenant de sources de confiance\n\nA la r\u00e9ception d\u0027un document au format xls via la messagerie\n\u00e9lectronique ou par tout autre support (URL, clef USB, disquette,\netc...), il est n\u00e9cessaire de s\u0027assurer de la provenance de ce fichier\net de ne l\u0027ouvrir que si la source est de confiance.\n\n## 5.2 Utiliser un logiciel alternatif\n\nIl est possible d\u0027utiliser un tableur alternatif non affect\u00e9 par la\nvuln\u00e9rabilit\u00e9 comme Gnumeric ou celui de OpenOffice.org.\n\n## 5.3 Contournement sp\u00e9cifique \u00e0 Excel 2003\n\nMicrosoft Excel doit passer en mode \u00abRepair\u00bb pour mettre en \u0153uvre la\nvuln\u00e9rabilit\u00e9. Aussi, dans l\u0027attente d\u0027un correctif, il est recommand\u00e9\nde d\u00e9sactiver cette fonctionnalit\u00e9 de mode \u00ab Repair \u00bb en modifiant des\nclefs de la base de registres. Il est cependant important de noter\nqu\u0027une erreur de modification dans la base de registres peut entra\u00eener\ndes dysfonctionnements voir la n\u00e9cessit\u00e9 de r\u00e9installer la machine.\n\n### sous windows 2000 :\n\n-   cliquer sur D\u00e9marrer puis Ex\u00e9cuter. taper regedt32 et cliquer sur ok\n    ;\n-   \u00e9diter la clef\n    `HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Excel\\Resiliency`\n    (si cette clef n\u0027existe pas, la cr\u00e9er) ;\n-   cliquer sur Editer puis permissions ;\n-   cliquer afin de d\u00e9cocher la case Allow Inheritable Permissions from\n    the parent to propagate to this object. cliquer alors sur Supprimer\n    puis OK ;\n-   un message d\u0027avertissement appara\u00eet alors, cliquer sur Oui.\n\n### sous windows XP Service Pack 1 et suivant :\n\n-   cliquer sur D\u00e9marrer puis Ex\u00e9cuter. taper regedt32 et cliquer sur ok\n    ;\n-   \u00e9diter la clef\n    `HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\11.0\\Excel\\Resiliency`\n    (si cette clef n\u0027existe pas, la cr\u00e9er) ;\n-   cliquer sur Editer puis permissions ;\n-   cliquer afin de d\u00e9cocher la case Inherit from the parent the\n    permission entries that apply to child objects. Include these with\n    entries explicitly defined here. cliquer alors sur Supprimer puis OK\n    ;\n-   un message d\u0027avertissement appara\u00eet alors, cliquer sur Oui.\n\n\u003cspan class=\"textbf\"\u003eNB:\u003c/span\u003e Le mode \u00ab Repair \u00bb de Microsoft Excel a\npour fonction de r\u00e9cup\u00e9rer les documents Excel endommag\u00e9s. En appliquant\nce contournement provisoire, il sera impossible d\u0027utiliser cette\nfonctionnalit\u00e9 de r\u00e9cup\u00e9ration.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur et \u00e0 l\u0027avis de s\u00e9curit\u00e9\ndu CERTA pour l\u0027obtention du correctif.\n",
  "cves": [
    {
      "name": "CVE-2006-3059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3059"
    }
  ],
  "initial_release_date": "2006-06-16T00:00:00",
  "last_revision_date": "2006-07-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-037 du 11 juillet 2006    :",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS06-037.mspx"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-037 du 11 juillet 2006    :",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-037.mspx"
    },
    {
      "title": "Site du Microsoft Security Response Center :",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 du CERTA du 12 juillet 2006 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-AVI-285/index.html"
    },
    {
      "title": "Bulletin du SANS du 16 juin 2006 :",
      "url": "http://isc.sans.org/diary.php/storyid=1420"
    }
  ],
  "reference": "CERTA-2006-ALE-007",
  "revisions": [
    {
      "description": "version initiale ;",
      "revision_date": "2006-06-16T00:00:00.000000"
    },
    {
      "description": "ajout du contournement provisoir pour Windows 2003, ajout des versions Mac et du Viewer, ajout de la r\u00e9f\u00e9rence CVE.",
      "revision_date": "2006-06-20T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 Microsoft et CERTA.",
      "revision_date": "2006-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 non corrig\u00e9e dans Microsoft Excel permettrait \u00e0 un\nutilisateur mal intentionn\u00e9 de faire ex\u00e9cuter du code arbitraire ou de\nprovoquer un d\u00e9ni de service sur la machine d\u0027un utilisateur ouvrant un\nfichier au format xls.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Article sur le site du Microsoft Security Response Center",
      "url": null
    }
  ]
}

GHSA-QFQ4-V5CR-VVR4

Vulnerability from github – Published: 2022-05-01 07:05 – Updated: 2022-05-01 07:05

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3059"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-17T13:18:00Z",
    "severity": "HIGH"
  },
  "details": "Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors.  NOTE: this is a different vulnerability than CVE-2006-3086.",
  "id": "GHSA-qfq4-v5cr-vvr4",
  "modified": "2022-05-01T07:05:21Z",
  "published": "2022-05-01T07:05:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3059"
    },
    {
      "type": "WEB",
      "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27179"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537"
    },
    {
      "type": "WEB",
      "url": "http://blogs.securiteam.com/?p=451"
    },
    {
      "type": "WEB",
      "url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
    },
    {
      "type": "WEB",
      "url": "http://isc.sans.org/diary.php?storyid=1420"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20686"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1016316"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/802324"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/26527"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/437636/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/437936/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/18422"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-167A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.us-cert.gov/cas/techalerts/TA06-192A.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2361"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2755"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2006-AVI-285

Vulnerability from certfr_avis - Published: 2006-07-12 - Updated: 2006-07-12

Plusieurs vulnérabilités sont présentes dans Microsoft Excel. Certaines de ces vulnérabilités peuvent être exploitées par un utilisateur distant pour exécuter du code arbitraire sur le système ayant la version vulnérable de ce logiciel.

Description

Huit vulnérabilités sont présentes dans le logiciel Microsoft Excel :

Deux vulnérabilités existent dans les enregistrements SELECTION (CVE-2006-1301 et CVE-2006-1302). Ces vulnérabilités peuvent être exploitées par un utilisateur mal intentionné à partir d'un enregistrement SELECTION dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
Une vulnérabilité existe dans les enregistrements COLINFO (CVE-2006-1304). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement COLINFO dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
Une vulnérabilité existe dans les enregistrements OBJECT (CVE-2006-1306). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement OBJECT dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
Une vulnérabilité existe dans les enregistrements FNGROUPCOUNT (CVE-2006-1308). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement FNGROUPCOUNT dans un fichier Excel pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier spécialement construit.
Une vulnérabilité existe dans les enregistrements LABEL (CVE-2006-1309). Cette vulnérabilité peut être exploitée par un utilisateur mal intentionné à partir d'un enregistrement LABEL dans un fichier Excel malveillant pour exécuter du code arbitraire sur le poste d'un utilisateur ouvrant le fichier malcieusement construit.
Les deux dernières vulnérabilités présentes sur Excel peuvent être exploitées par un utilisateur mal intentionné à partir d'un fichier Excel malveillant (CVE-2006-2388 CVE-2006-3059). La dernière de ces vulnérabilité à fait l'objet d'une alerte au CERTA le 16 juin 2006.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Office	Microsoft Office XP Service Pack 3 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 2 ;
Microsoft	Office	Microsoft Office 2003 Service Pack 1 ;
Microsoft	Office	Microsoft Office 2000 Service Pack 3 ;
Microsoft	Office	Microsoft Office version X pour Mac.
Microsoft	Office	Microsoft Office 2004 pour Mac ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS06-037	None	vendor-advisory
Bulletin d'alerte du CERTA CERTA-2006-ALE-007 du 16 juin 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Office XP Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 2 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2003 Service Pack 1 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2000 Service Pack 3 ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office version X pour Mac.",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Office 2004 pour Mac ;",
      "product": {
        "name": "Office",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nHuit vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans le logiciel Microsoft Excel :\n\n-   Deux vuln\u00e9rabilit\u00e9s existent dans les enregistrements SELECTION\n    (CVE-2006-1301 et CVE-2006-1302). Ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre\n    exploit\u00e9es par un utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un\n    enregistrement SELECTION dans un fichier Excel pour ex\u00e9cuter du code\n    arbitraire sur le poste d\u0027un utilisateur ouvrant le fichier\n    sp\u00e9cialement construit.\n-   Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements COLINFO\n    (CVE-2006-1304). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n    utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement COLINFO\n    dans un fichier Excel pour ex\u00e9cuter du code arbitraire sur le poste\n    d\u0027un utilisateur ouvrant le fichier sp\u00e9cialement construit.\n-   Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements OBJECT\n    (CVE-2006-1306). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n    utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement OBJECT dans\n    un fichier Excel pour ex\u00e9cuter du code arbitraire sur le poste d\u0027un\n    utilisateur ouvrant le fichier sp\u00e9cialement construit.\n-   Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements FNGROUPCOUNT\n    (CVE-2006-1308). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n    utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement\n    FNGROUPCOUNT dans un fichier Excel pour ex\u00e9cuter du code arbitraire\n    sur le poste d\u0027un utilisateur ouvrant le fichier sp\u00e9cialement\n    construit.\n-   Une vuln\u00e9rabilit\u00e9 existe dans les enregistrements LABEL\n    (CVE-2006-1309). Cette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e par un\n    utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un enregistrement LABEL dans\n    un fichier Excel malveillant pour ex\u00e9cuter du code arbitraire sur le\n    poste d\u0027un utilisateur ouvrant le fichier malcieusement construit.\n-   Les deux derni\u00e8res vuln\u00e9rabilit\u00e9s pr\u00e9sentes sur Excel peuvent \u00eatre\n    exploit\u00e9es par un utilisateur mal intentionn\u00e9 \u00e0 partir d\u0027un fichier\n    Excel malveillant (CVE-2006-2388 CVE-2006-3059). La derni\u00e8re de ces\n    vuln\u00e9rabilit\u00e9 \u00e0 fait l\u0027objet d\u0027une alerte au CERTA le 16 juin 2006.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-1301",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1301"
    },
    {
      "name": "CVE-2006-1304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1304"
    },
    {
      "name": "CVE-2006-1309",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1309"
    },
    {
      "name": "CVE-2006-1302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1302"
    },
    {
      "name": "CVE-2006-3059",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3059"
    },
    {
      "name": "CVE-2006-1308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1308"
    },
    {
      "name": "CVE-2006-2388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2388"
    },
    {
      "name": "CVE-2006-1306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-1306"
    }
  ],
  "initial_release_date": "2006-07-12T00:00:00",
  "last_revision_date": "2006-07-12T00:00:00",
  "links": [
    {
      "title": "Bulletin d\u0027alerte du CERTA CERTA-2006-ALE-007 du 16 juin    2006 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2006-ALE-007/index.html"
    }
  ],
  "reference": "CERTA-2006-AVI-285",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-07-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes dans Microsoft Excel. Certaines\nde ces vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un utilisateur distant\npour ex\u00e9cuter du code arbitraire sur le syst\u00e8me ayant la version\nvuln\u00e9rable de ce logiciel.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Excel",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS06-037",
      "url": "http://www.microsoft.com/france/technet/security/Bulletin/MS06-037.mspx"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3059 (GCVE-0-2006-3059)

GSD-2006-3059

FKIE_CVE-2006-3059

CERTA-2006-ALE-007

Description

Contournements provisoires

5.1 N'ouvrir que les documents provenant de sources de confiance

5.2 Utiliser un logiciel alternatif

5.3 Contournement spécifique à Excel 2003

sous windows 2000 :

sous windows XP Service Pack 1 et suivant :

Solution

GHSA-QFQ4-V5CR-VVR4

CERTA-2006-AVI-285

Description

Solution

Tags

Sightings

Nomenclature