Vulnerability Description
Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, which is automatically executed when the user opens the spreadsheet.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Excel | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.htmlExploit
- http://hackingspirits.com/vuln-rnd/vuln-rnd.htmlExploit
- http://secunia.com/advisories/21865PatchVendor Advisory
- http://secunia.com/advisories/22882Vendor Advisory
- http://securitytracker.com/id?1016344
- http://www.adobe.com/support/security/bulletins/apsb06-11.html
- http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html
- http://www.securityfocus.com/bid/18583Exploit
- http://www.securityfocus.com/bid/19980Patch
- http://www.us-cert.gov/cas/techalerts/TA06-318A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2006/3573Vendor Advisory
- http://www.vupen.com/english/advisories/2006/3577Vendor Advisory
- http://www.vupen.com/english/advisories/2006/4507Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-06
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27312
FAQ
What is CVE-2006-3014?
CVE-2006-3014 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object, wh...
How severe is CVE-2006-3014?
CVE-2006-3014 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3014?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel.