NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-1540

Summary	MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.
Publication Date	March 30, 2006, 8:02 p.m.
Registration Date	Jan. 29, 2021, 3:34 p.m.
Last Update	Oct. 19, 2018, 1:33 a.m.

CVSS2.0 : HIGH
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	高
完全性への影響(I)	高
可用性への影響(A)	高
Get all privileges.	はい
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	はい

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:microsoft:office::::::::
cpe:2.3:a:microsoft:office:2000:::::::*
cpe:2.3:a:microsoft:office:2000:::ja::::
cpe:2.3:a:microsoft:office:2000:::ko::::
cpe:2.3:a:microsoft:office:2000:::zh::::
cpe:2.3:a:microsoft:office:2000:sp1::::::
cpe:2.3:a:microsoft:office:2000:sp3::::::
cpe:2.3:a:microsoft:office:2003::::student_teacher:::
cpe:2.3:a:microsoft:office:2003:sp1::::::
cpe:2.3:a:microsoft:office:2003:sp2::::::
cpe:2.3:a:microsoft:office:2004:::::mac_os_x::
cpe:2.3:a:microsoft:office:v.x:::::mac_os_x::
cpe:2.3:a:microsoft:office:xp:sp1::::::
cpe:2.3:a:microsoft:office:xp:sp2::::::
cpe:2.3:a:microsoft:office:xp:sp3::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/21012	SECUNIA	Third Party Advisory
2	http://securitytracker.com/id?1015855	SECTRACK	Exploit Third Party Advisory VDB Entry
3	http://www.kb.cert.org/vuls/id/609868	CERT-VN	Third Party Advisory US Government Resource
4	http://www.osvdb.org/27150	OSVDB	Broken Link
5	http://www.securityfocus.com/archive/1/439697/100/0/threaded	BUGTRAQ
6	http://www.securityfocus.com/bid/17252	BID	Exploit Third Party Advisory VDB Entry
7	http://www.securityfocus.com/bid/18889	BID	Third Party Advisory VDB Entry
8	http://www.us-cert.gov/cas/techalerts/TA06-192A.html	CERT	Third Party Advisory US Government Resource
9	http://www.vupen.com/english/advisories/2006/2756	VUPEN	Vendor Advisory
10	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-038	MS
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/27607	XF	Third Party Advisory VDB Entry
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/27609	XF	Third Party Advisory VDB Entry
13	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A639	OVAL	Third Party Advisory
14	https://www.exploit-db.com/exploits/1615	EXPLOIT-DB	Third Party Advisory VDB Entry

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html