Check Point Advisories

Update Protection against Microsoft Excel Vulnerabilities (MS06-037)

Check Point Reference: CPAI-2006-082
Date Published: 11 Jul 2006
Severity: Critical
Last Updated: Tuesday 15 May, 2007
Source: Microsoft Security Bulletin MS06-037
Industry Reference:CVE-2006-1301
CVE-2006-1302
CVE-2006-1304
CVE-2006-1306
CVE-2006-1308
CVE-2006-2388
CVE-2006-3059
CVE-2006-1309
Protection Provided by:
Who is Vulnerable? Microsoft Office 2003 SP1 or SP2
Microsoft Excel 2003 
Microsoft Excel Viewer 2003 
Microsoft Office XP SP3
Microsoft Excel 2002 
Microsoft Office 2000 SP3
Microsoft Excel 2000
Microsoft Office 2004 for Mac
Microsoft Excel 2004 for Mac
Microsoft Office v. X for Mac
Microsoft Excel v. X for Mac
Vulnerability Description Microsoft Excel is prone to multiple vulnerabilities that may allow remote attackers to take any action with an affected system. When Excel opens a specially crafted Excel file that results from the processing of a malformed file, it may corrupt system memory, potentially allowing for remote code execution.
Vulnerability DetailsCVE-2006-1301, CVE-2006-1302: When Excel opens a specially crafted Excel file that results from the processing of a malformed SELECTION record, it may corrupt system memory, potentially allowing for remote code execution.

CVE-2006-1304: When Excel opens a specially crafted Excel file that results from the processing of a malformed COLINFO record, it may corrupt system memory, potentially allowing for remote code execution.

CVE-2006-1306: When Excel opens a specially crafted Excel file that results from the processing of a malformed OBJECT record, it may corrupt system memory, potentially allowing for remote code execution.

CVE-2006-1308: When Excel opens a specially crafted Excel file that results from the processing of a malformed FNGROUPCOUNT record, it may corrupt system memory, potentially allowing for remote code execution.

CVE-2006-1309: When Excel opens a specially crafted Excel file that results from the processing of a malformed LABEL record, it may corrupt system memory, potentially allowing for remote code execution.

CVE-2006-2388: When Excel opens a specially crafted Excel file that results from the processing of a malformed file, it may corrupt system memory, potentially allowing for remote code execution.

CVE-2006-3059: When Excel opens a specially crafted Excel file that results from the processing of a malformed file, it may corrupt system memory, potentially allowing for remote code execution.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK