CVE-2006-3014

Published Jun 22, 2006

Last updated 6 years ago

Overview

Description: Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.1
Impact score: 6.4
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:microsoft:excel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7973AE7A-FE9F-4AB8-BBA8-98F3AF25487C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2006-3014
http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html
http://hackingspirits.com/vuln-rnd/vuln-rnd.html
http://secunia.com/advisories/21865
http://secunia.com/advisories/22882
http://securitytracker.com/id?1016344
http://www.adobe.com/support/security/bulletins/apsb06-11.html
http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
http://www.securityfocus.com/bid/18583
http://www.securityfocus.com/bid/19980
http://www.us-cert.gov/cas/techalerts/TA06-318A.html
http://www.vupen.com/english/advisories/2006/3573
http://www.vupen.com/english/advisories/2006/3577
http://www.vupen.com/english/advisories/2006/4507
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References