| Vulnerability Name: | CVE-2006-1540 (CCN-25678) | ||||||||
| Assigned: | 2006-03-30 | ||||||||
| Published: | 2006-03-30 | ||||||||
| Updated: | 2018-10-18 | ||||||||
| Summary: | MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. Note: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string. | ||||||||
| CVSS v3 Severity: | 2.6 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L)
| ||||||||
| CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||
| Vulnerability Type: | CWE-94 | ||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Mon Jul 10 2006 - 12:43:43 CDT SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability Source: MITRE Type: CNA CVE-2006-1540 Source: CCN Type: SA21012 Microsoft Office String and Property Parsing Vulnerabilities Source: SECUNIA Type: Third Party Advisory 21012 Source: CCN Type: SECTRACK ID: 1015855 Microsoft Office Array Index Boundary Error Lets Remote Users Execute Arbitrary Code Source: SECTRACK Type: Exploit, Third Party Advisory, VDB Entry 1015855 Source: CCN Type: ASA-2006-135 Windows Security Updates for July 2006 - (MS06-033 - MS06-039) Source: CCN Type: Microsoft Security Bulletin MS11-096 Vulnerability in Microsoft Excel Could Allow Remote Code Execution (2640241) Source: CCN Type: Microsoft Security Bulletin MS12-028 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2639185) Source: CCN Type: Microsoft Security Bulletin MS12-029 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2680352) Source: CCN Type: Microsoft Security Bulletin MS12-057 Vulnerability in Microsoft Office Could Allow for Remote Code Execution (2731879) Source: CCN Type: Microsoft Security Bulletin MS12-064 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2742319) Source: CCN Type: Microsoft Security Bulletin MS12-065 Vulnerability in Microsoft Works Could Allow Remote Code Execution (KB2754670) Source: CCN Type: Microsoft Security Bulletin MS12-079 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2780642) Source: CCN Type: Microsoft Security Bulletin MS13-043 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399) Source: CCN Type: Microsoft Security Bulletin MS13-072 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537) Source: CCN Type: Microsoft Security Bulletin MS13-085 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080) Source: CCN Type: Microsoft Security Bulletin MS13-086 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2885084) Source: CCN Type: Microsoft Security Bulletin MS14-001 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2916605) Source: CCN Type: Microsoft Security Bulletin MS14-017 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (2949660) Source: CCN Type: Microsoft Security Bulletin MS14-034 Vulnerability in Microsoft Word Could Allow Remote Code Execution (2969261) Source: CCN Type: Microsoft Security Bulletin MS14-048 Vulnerability in OneNote Could Allow Remote Code Execution (2977201) Source: CCN Type: Microsoft Security Bulletin MS14-061 Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434) Source: CCN Type: Microsoft Security Bulletin MS14-069 Vulnerability in Microsoft Office Could Allow Remote Code Execution (3009710) Source: CCN Type: Microsoft Security Bulletin MS14-081 Vulnerabilities in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3017301) Source: CCN Type: Microsoft Security Bulletin MS14-083 Vulnerabilities in MicrosoftExcel Could Allow Remote Code Execution (3017347) Source: CCN Type: Microsoft Security Bulletin MS15-081 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3080790) Source: CCN Type: Microsoft Security Bulletin MS15-099 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (3089664) Source: CCN Type: Microsoft Security Bulletin MS15-110 Security Updates for Microsoft Office (3096440) Source: CCN Type: Microsoft Security Bulletin MS15-116 Security Updates for Microsoft Office to Address Remote Code Execution (3104540) Source: CCN Type: Microsoft Security Bulletin MS15-131 Security Update for Microsoft Office to Address Remote Code Execution (3116111) Source: CCN Type: Microsoft Security Bulletin MS16-004 Security Update for Microsoft Office to Address Remote Code Execution - Critical (3124585) Source: CCN Type: Microsoft Security Bulletin MS16-015 Security Update for Microsoft Office to Address Remote Code Execution (3134226) Source: CCN Type: Microsoft Security Bulletin MS16-029 Security Update for Microsoft Office to Address Remote Code Execution (3141806) Source: CCN Type: Microsoft Security Bulletin MS16-042 Security Update for Microsoft Office (3148775) Source: CCN Type: Microsoft Security Bulletin MS16-054 Security Update for Microsoft Office (3155544) Source: CCN Type: Microsoft Security Bulletin MS16-070 Security Update for Office (3163610) Source: CCN Type: Microsoft Security Bulletin MS16-088 Security Updates for Office (3170008) Source: CCN Type: Microsoft Security Bulletin MS16-099 Security Update for Office (3177451) Source: CCN Type: Microsoft Security Bulletin MS16-107 Security Update for Microsoft Office (3185852) Source: CCN Type: Microsoft Security Bulletin MS16-121 Security Update for Microsoft Office (3194063) Source: CCN Type: Microsoft Security Bulletin MS16-133 Security Update for Microsoft Office (3199168) Source: CCN Type: Microsoft Security Bulletin MS16-148 Security Update for Microsoft Office (3204068) Source: CCN Type: Microsoft Security Bulletin MS17-002 Security Update for Microsoft Office (3214291) Source: CCN Type: Microsoft Security Bulletin MS17-013 Security Update for Microsoft Graphics Component (4013075) Source: CCN Type: Microsoft Security Bulletin MS17-014 Security Update for Microsoft Office (4013241) Source: CCN Type: US-CERT VU#609868 Microsoft Office string parsing vulnerability Source: CERT-VN Type: Third Party Advisory, US Government Resource VU#609868 Source: CCN Type: Microsoft Security Bulletin MS06-038 Vulnerability in Microsoft Office Could Allow Remote Code Execution (917284) Source: CCN Type: Microsoft Security Bulletin MS06-048 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968) Source: CCN Type: Microsoft Security Bulletin MS06-062 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581) Source: CCN Type: Microsoft Security Bulletin MS07-015 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554) Source: CCN Type: Microsoft Security Bulletin MS08-016 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030) Source: CCN Type: Microsoft Security Bulletin MS08-055 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (955047) Source: CCN Type: Microsoft Security Bulletin MS10-036 Vulnerabilities in COM validation in Microsoft Office Could Allow Remote Code Execution (983235 Source: CCN Type: Microsoft Security Bulletin MS10-056 Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (2269638) Source: CCN Type: Microsoft Security Bulletin MS10-057 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (2269707) Source: CCN Type: Microsoft Security Bulletin MS10-079 Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (2293194) Source: CCN Type: Microsoft Security Bulletin MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2423930) Source: CCN Type: Microsoft Security Bulletin MS10-105 Vulnerabilities in Microsoft Office Graphics Filters Could Allow for Remote Code Execution (968095) Source: CCN Type: Microsoft Security Bulletin MS11-021 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2489279) Source: CCN Type: Microsoft Security Bulletin MS11-023 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2489293) Source: CCN Type: Microsoft Security Bulletin MS11-045 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2537146) Source: CCN Type: Microsoft Security Bulletin MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2587505) Source: OSVDB Type: Broken Link 27150 Source: CCN Type: OSVDB ID: 27150 Microsoft Office MSO.DLL String Processing Overflow Source: BUGTRAQ Type: UNKNOWN 20060710 SYMSA-2006-007: Microsoft Office Malformed String Parsing Vulnerability Source: BID Type: Exploit, Third Party Advisory, VDB Entry 17252 Source: CCN Type: BID-17252 Microsoft Office XP Array Index Denial of Service Vulnerability Source: BID Type: Third Party Advisory, VDB Entry 18889 Source: CCN Type: BID-18889 Microsoft Office Malformed String Parsing Code Execution Vulnerability Source: CERT Type: Third Party Advisory, US Government Resource TA06-192A Source: VUPEN Type: Vendor Advisory ADV-2006-2756 Source: MS Type: UNKNOWN MS06-038 Source: XF Type: UNKNOWN office-string-bo(25678) Source: XF Type: Third Party Advisory, VDB Entry office-string-parse-bo(27607) Source: XF Type: Third Party Advisory, VDB Entry office-property-string-bo(27609) Source: OVAL Type: Third Party Advisory oval:org.mitre.oval:def:639 Source: EXPLOIT-DB Type: Third Party Advisory, VDB Entry 1615 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||