CVE-2005-4131

Severity

68%

Complexity

86%

Confidentiality

106%

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

First reported 19 years ago

2005-12-09 11:03:00

Last updated 6 years ago

2018-10-19 15:40:00

Affected Software

Microsoft Excel 95

95

Microsoft Excel 97

97

Microsoft Excel 97 SR1

97

Microsoft Excel 97 SR2

97

マイクロソフト エクセル 2000

2000

マイクロソフト エクセル 2000 SP2

2000

Microsoft Excel 2000 Service Pack 3

2000

マイクロソフト エクセル 2000 SR1

2000

Microsoft Excel 2002

2002

マイクロソフト エクセル 2002 SP1

2002

マイクロソフト エクセル 2002 SP2

2002

Microsoft Office Excel 2002 Service Pack 3

2002

マイクロソフト エクセル 2003

2003

Microsoft Excel 2003 SP1

2003

References

http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=7203336538

http://informationweek.com/story/showArticle.jhtml?articleID=174910198

http://news.com.com/2061-10789_3-5988086.html

http://news.zdnet.com/2100-1009_22-5989078.html

19138

Vendor Advisory

19238

Vendor Advisory

584

591

1015333

1015766

http://support.avaya.com/elmodocs2/security/ASA-2006-069.htm

http://www.dicks-blog.com/archives/2005/12/08/excel-vulnerability-for-sale/

http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614

VU#642428

US Government Resource

http://www.osvdb.org/blog/?p=71

20060314 High Risk Vulnerability in Microsoft Excel

20060315 [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution

15780

Patch

http://www.securityfocus.com/news/11363

http://www.theage.com.au/news/breaking/excel-flaw-up-for-sale-on-ebay/2005/12/09/1134086783318.html

http://www.theregister.co.uk/2005/12/10/ebay_pulls_excel_vulnerability_auction/

TA06-073A

US Government Resource

ADV-2006-0950

Vendor Advisory

MS06-012

excel-msvcrt-memmove-bo(23537)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.