CVE-2006-3014: Input Validation
First published: Thu Jun 22 2006(Updated: )
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Office Excel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html
- http://hackingspirits.com/vuln-rnd/vuln-rnd.html
- http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
- http://www.securityfocus.com/bid/18583
- http://securitytracker.com/id?1016344
- http://www.adobe.com/support/security/bulletins/apsb06-11.html
- http://secunia.com/advisories/21865
- http://www.securityfocus.com/bid/19980
- http://secunia.com/advisories/22882
- http://www.us-cert.gov/cas/techalerts/TA06-318A.html
- http://www.vupen.com/english/advisories/2006/4507
- http://www.vupen.com/english/advisories/2006/3577
- http://www.vupen.com/english/advisories/2006/3573
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A538
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069
Frequently Asked Questions
What is the severity of CVE-2006-3014?
CVE-2006-3014 is considered a critical vulnerability as it allows execution of arbitrary JavaScript and can lead to redirecting users to malicious sites.
How do I fix CVE-2006-3014?
To mitigate CVE-2006-3014, users should ensure their Microsoft Excel software is updated to the latest version with security patches applied.
Who is affected by CVE-2006-3014?
CVE-2006-3014 affects users of Microsoft Excel, particularly those using versions that support the Shockwave Flash Player ActiveX Object.
What types of attacks leverage CVE-2006-3014?
Attackers can leverage CVE-2006-3014 to execute malicious JavaScript embedded in Excel spreadsheets, potentially leading to phishing and malware infections.
Can CVE-2006-3014 be exploited without user interaction?
Exploitation of CVE-2006-3014 requires user interaction, as the vulnerability is triggered when a user opens the specially crafted Excel spreadsheet.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft office excel