Mdropper.J Trojan.
Vulnerability details
Advisory: SB2006071101 - Multiple vulnerabilities in Microsoft Excel
Vulnerable component: Microsoft Excel
CVE-ID: CVE-2006-3059
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is a stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName() function. By persuading the victim to open a specially crafted Excel file, a remote attacker can trigger the overflow via a long hyperlink and cause a denial of service or execute arbitrary code.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Public Exploits:
- Microsoft Excel - Unspecified Remote Code Execution [Exploit-DB]
External links:
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
http://www.kb.cert.org/vuls/id/394444
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/(ms06-037)%20vul...
https://home.mcafee.com/virusinfo/virusprofile.aspx?key=140010
https://blogs.technet.microsoft.com/msrc/2006/06/24/an-update-on-recent-public-issues/
https://www.cnet.com/news/buffer-overflow-in-microsoft-hyperlink-object-library/