Vulnerability details
Advisory: SB2006071101 - Multiple vulnerabilities in Microsoft Excel
Vulnerable component: Microsoft Excel
CVE-ID: CVE-2006-1301
CVSSv3 score: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
CWE-ID: CWE-119 - Memory corruption
Description:
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed SELECTION record within Excel file. A remote unauthenticated attacker can trick the victim to open a specially crafted Excel file and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise vulnerable system.
Note: this vulnerability was being actively exploited.