Oval Definition:oval:org.mitre.oval:def:431
Revision Date:2012-05-28Version:8
Title:Excel Malformed STYLE Record Vulnerability
Description:Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2006-3431
Platform(s):Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows XP
Product(s):Microsoft Excel
Definition Synopsis
  • Excel 2000
  • Microsoft Excel 2000 is installed
  • AND the version of excel.exe is less than 9.0.0.8950
  • OR Excel 2002
  • Microsoft Excel 2002 is installed
  • AND the version of excel.exe is less than 10.0.6816.0
  • OR Excel 2003
  • Microsoft Excel 2003 is installed
  • AND the version of excel.exe is less than 11.0.8105.0
  • OR Excel Viewer
  • Microsoft Excel Viewer 2003 is installed
  • AND the version of xlview.exe is less than 11.0.8104.0
    • BACK