CVE-2006-0031

Published: Mar 14, 2006Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.

Affected (6)

Products: Microsoft: Office

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2000 sp3
Microsoft Office	Version 2003 sp1
Microsoft Office	Version 2003 sp2
Microsoft Office	Version 2004
Microsoft Office	Version v.x
Microsoft Office	Version xp sp3

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (36)

http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1521.html

Source: secure@microsoft.com

http://secunia.com/advisories/19138

Source: secure@microsoft.com

PatchVendor Advisory

http://secunia.com/advisories/19238

Source: secure@microsoft.com

Vendor Advisory

http://securityreason.com/securityalert/589

Source: secure@microsoft.com

http://securitytracker.com/id?1015766

Source: secure@microsoft.com

Patch

http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

Source: secure@microsoft.com

http://www.kb.cert.org/vuls/id/104302

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.osvdb.org/23902

Source: secure@microsoft.com

http://www.securityfocus.com/archive/1/427699/100/0/threaded

Source: secure@microsoft.com

http://www.securityfocus.com/bid/17101

Source: secure@microsoft.com

Patch

http://www.us-cert.gov/cas/techalerts/TA06-073A.html

Source: secure@microsoft.com

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2006/0950

Source: secure@microsoft.com

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012

Source: secure@microsoft.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/25228

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1327

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1525

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1750

Source: secure@microsoft.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A763

Source: secure@microsoft.com

http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1521.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/19138

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/19238

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/589

Source: af854a3a-2127-422b-91ae-364da2661108

http://securitytracker.com/id?1015766

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.kb.cert.org/vuls/id/104302

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.osvdb.org/23902

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/427699/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/17101

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.us-cert.gov/cas/techalerts/TA06-073A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

http://www.vupen.com/english/advisories/2006/0950

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-012

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/25228

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1327

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1525

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1750

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A763

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.