Main
Vulnerability Database
Exploits
ID:474 - Exploit for Remote code execution in Microsoft products - CVE-2006-3059
ID:474 - Exploit for Remote code execution in Microsoft products - CVE-2006-3059
Published: March 18, 2020
Vulnerability identifier: #VU1176
Vulnerability risk: Critical
CVE-ID: CVE-2006-3059
CWE-ID: CWE-119
Exploitation vector: Remote access
Vulnerable software:
Microsoft Excel for macOS
Microsoft Excel
Microsoft Office
Microsoft Office for macOS
Microsoft Excel for macOS
Microsoft Excel
Microsoft Office
Microsoft Office for macOS
Link to public exploit:
Vulnerability description
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness is due to a stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName() function. By persuading the victim to open a specially crafted Excel file, a remote attacker can cause DoS conditions or execute arbitrary code via a long hyperlink.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
The weakness is due to a stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName() function. By persuading the victim to open a specially crafted Excel file, a remote attacker can cause DoS conditions or execute arbitrary code via a long hyperlink.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Remediation
Microsoft Excel 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=5788518C-0FB3-4381-BB42-BCA71A4FD646
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/
Microsoft Excel Viewer 2003 - https://www.microsoft.com/downloads/details.aspx?FamilyId=779666AB-CCD1-47A1-8A5A-B288A5204369
Microsoft Excel 2002 - https://www.microsoft.com/downloads/details.aspx?FamilyId=0828F77F-BE33-4913-B68D-6A375D5FE130
Microsoft Excel 2000 - https://www.microsoft.com/downloads/details.aspx?FamilyId=D8A2AD6D-582C-4185-ADE1-671D2128D3EE
Microsoft Excel 2004 for Mac - https://www.microsoft.com/mac/
Microsoft Excel v. X for Mac - https://www.microsoft.com/mac/