| Vulnerability Name: | CVE-2006-3014 (CCN-27312) | ||||||||
| Assigned: | 2006-06-20 | ||||||||
| Published: | 2006-06-20 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-20 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Tue Jun 20 2006 - 12:17:46 CDT Microsoft Excel File Embedded Shockwave Flash Object Exploit Source: FULLDISC Type: Exploit 20060620 Microsoft Excel File Embedded Shockwave Flash Object Exploit Source: MITRE Type: CNA CVE-2006-3014 Source: MISC Type: Exploit http://hackingspirits.com/vuln-rnd/vuln-rnd.html Source: CCN Type: SA21865 Adobe Flash Player Multiple Vulnerabilities Source: SECUNIA Type: Patch, Vendor Advisory 21865 Source: CCN Type: SA22882 Microsoft Windows Flash Player Multiple Vulnerabilities Source: SECUNIA Type: Vendor Advisory 22882 Source: CCN Type: SECTRACK ID: 1016344 Microsoft Excel `Shockwave Flash Object` Lets Remote Users Execute Code Automatically Source: SECTRACK Type: UNKNOWN 1016344 Source: CCN Type: ASA-2006-253 Microsoft Security Bulletin Summary for November 2006 (MS06-66 - MS06-71) Source: CCN Type: Microsoft Knowledge Base Article 240797 How to stop an ActiveX control from running in Internet Explorer Source: CCN Type: Adobe Web site Adobe Flash Player Download Center Source: CCN Type: Adobe Product Security Bulletin APSB06-11 Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions Source: CONFIRM Type: UNKNOWN http://www.adobe.com/support/security/bulletins/apsb06-11.html Source: CCN Type: Microsoft Security Bulletin MS06-069 Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789) Source: MISC Type: UNKNOWN http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html Source: BID Type: Exploit 18583 Source: CCN Type: BID-18583 Microsoft Office Embedded Shockwave Flash Object Security Bypass Weakness Source: BID Type: Patch 19980 Source: CCN Type: BID-19980 Adobe Flash Player Multiple Remote Code Execution Vulnerabilities Source: CCN Type: TLSA-2006-26 Multiple vulnerabilities in flash-player Source: CERT Type: US Government Resource TA06-318A Source: VUPEN Type: Vendor Advisory ADV-2006-3573 Source: VUPEN Type: Vendor Advisory ADV-2006-3577 Source: VUPEN Type: Vendor Advisory ADV-2006-4507 Source: MS Type: UNKNOWN MS06-069 Source: XF Type: UNKNOWN excel-shockwave-code-execution(27312) Source: XF Type: UNKNOWN excel-shockwave-code-execution(27312) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:538 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||