Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:11814
HistoryMar 15, 2006 - 12:00 a.m.

Fortinet Security Advisory: FSA-2006-08

2006-03-1500:00:00
vulners.com
20
JSON

Fortinet Security Advisory: FSA-2006-08

Microsoft Excel Column Index Improper Memory Access

Advisory Date : March 14, 2006
Reported Date : January 24, 2006
Vendor : Microsoft
Affected Products : Microsoft Excel 2003 Chinese Version
Windows XP Home Edition Chinese Version and
possible all versions of Microsoft Excel.
Severity : High
Reference : http://www.microsoft.com/technet/security/Bulletin/MS06-012.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0029
http://www.securityfocus.com/bid/15780

Description : Fortinet Security Research Team (FSRT) has discovered a Improper Memory Access
Vulnerability in the Microsoft Excel software. This vulnerability is due to Microsoft Excel's manipulation of
opcode 0x001D, when provided with a random Column Index, it will cause a Improper Memory Access. An remote
attacker could construct a .xls file and put it on controlled web site. When the user opens the .xls file
with Microsoft Internet Explorer, the browser will call Microsoft Excel to open the .xls file automatically,
and this will cause Microsoft Excel to crash. If excel file is specially crafted, it may allow attackers to
execute arbitrary code on the affected system.

Impact : Execution of arbitrary code leading to system compromise.

Solution : Microsoft has released a update for this vulnerability, which is available for
downloading from Microsoft web site, see reference.

Fortinet Protection: FortiGate series of security systems have been updated to detect exploits targeting
this vulnerability.

Acknowledgment : Dejun Meng of Fortinet Security Research team found this vulnerability.

Disclaimer : Although Fortinet has attempted to provide accurate information in these materials,
Fortinet assumes no legal responsibility for the accuracy or completeness of the information. More specific
information is available on request from Fortinet. Please note that Fortinet's product information does not
constitute or contain any guarantee, warranty or legally binding representation, unless expressly identified
as such in a duly signed writing.

Related

cert 1
cve 1
prion 1
securityvulns 3
nessus 1
checkpoint_advisories 1
cert
cert
Microsoft Excel malformed description memory corruption vulnerability
2006-03-14 00:00:00
cve
cve
CVE-2006-0029
2006-03-14 23:02:00
prion
prion
Memory corruption
2006-03-14 23:02:00
securityvulns
securityvulns
Fortinet Security Advisory: FSA-2006-09
2006-03-15 00:00:00
US-CERT Technical Cyber Security Alert TA06-073A -- Microsoft Office and Excel Vulnerabilities
2006-03-15 00:00:00
Microsoft Security Bulletin MS06-012 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
2006-03-15 00:00:00
nessus
nessus
MS06-012: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
2006-03-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Update Protection against Multiple Microsoft Office Vulnerabilities (MS06-012)
2006-03-15 00:00:00
JSON
Related for SECURITYVULNS:DOC:11814
cert1cve1prion1securityvulns3nessus1checkpoint_advisories1