[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2006-3014Date: (C)2006-06-21   (M)2023-12-22


Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 5.1
Exploit Score: 4.9
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1016344
BID-18583
BID-19980
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html
SECUNIA-21865
SECUNIA-22882
ADV-2006-3573
ADV-2006-3577
ADV-2006-4507
MS06-069
TA06-318A
excel-shockwave-code-execution(27312)
http://hackingspirits.com/vuln-rnd/vuln-rnd.html
http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html

CPE    1
cpe:/a:microsoft:excel
CWE    1
CWE-20
OVAL    1
oval:org.mitre.oval:def:538

© SecPod Technologies