CVE-2006-1318

Published: Sep 19, 2014Modified: May 6, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

Affected (5)

Products: Microsoft: Office

1 product

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Office	Version 2000 sp1
Microsoft Office	Version 2000 sp2
Microsoft Office	Version 2004
Microsoft Office	Version x
Microsoft Office	Version xp sp3

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (2)

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038

Source: secure@microsoft.com

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.