SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2005-4131

Date: (C)2005-12-09 (M)2023-12-22

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1015333

SECTRACK-1015766

http://www.securityfocus.com/archive/1/427635/100/0/threaded

http://www.securityfocus.com/archive/1/427698/100/0/threaded

excel-msvcrt-memmove-bo(23537)

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538

http://informationweek.com/story/showArticle.jhtml?articleID=174910198

http://news.com.com/2061-10789_3-5988086.html

http://news.zdnet.com/2100-1009_22-5989078.html

http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/

http://www.eweek.com/article2/0%2C1759%2C1899697%2C00.asp?kc=EWRSS03129TX1K0000614

http://www.osvdb.org/blog/?p=71

http://www.securityfocus.com/news/11363

http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html

http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/

cpe:/a:microsoft:excel:2000:sp2
cpe:/a:microsoft:excel:2000:sp3
cpe:/a:microsoft:excel:2003:sp1
cpe:/a:microsoft:excel:2000:sr1
...

© SecPod Technologies