Overview
Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
Microsoft Excel contains an unspecified vulnerability that could be exploited when Excel opens a specially crafted Lotus 1-2-3 document. This vulnerability affects both Windows and Mac versions of Excel. |
Impact
By convincing a user to open a specially crafted Lotus 1-2-3 document, an attacker could execute arbitrary code with the privileges of the user running Excel. If the user is logged in with administrative privileges, the attacker could take complete control of a vulnerable system. This vulnerability may also cause Excel to crash. |
Solution
Apply an update This vulnerability is addressed in Microsoft Security Bulletin MS06-059. |
|
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was publicly disclosed by Benjamin Tobias Franz.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2006-3867 |
| Severity Metric: | 38.73 |
| Date Public: | 2006-10-10 |
| Date First Published: | 2006-10-10 |
| Date Last Updated: | 2007-02-27 19:36 UTC |
| Document Revision: | 4 |