CVE-2006-3014 Information

Description

Microsoft Excel allows user-assisted attackers to execute arbitrary javascript and redirect users to arbitrary sites via an Excel spreadsheet with an embedded Shockwave Flash Player ActiveX Object which is automatically executed when the user opens the spreadsheet.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2006-06/0414.html http://hackingspirits.com/vuln-rnd/vuln-rnd.html http://secunia.com/advisories/21865 http://secunia.com/advisories/22882 http://securitytracker.com/id?1016344 http://www.adobe.com/support/security/bulletins/apsb06-11.html http://www.securiteam.com/windowsntfocus/5TP0M0KIUA.html http://www.securityfocus.com/bid/18583 http://www.securityfocus.com/bid/19980 http://www.us-cert.gov/cas/techalerts/TA06-318A.html http://www.vupen.com/english/advisories/2006/3573 http://www.vupen.com/english/advisories/2006/3577 http://www.vupen.com/english/advisories/2006/4507 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-069 https://exchange.xforce.ibmcloud.com/vulnerabilities/27312 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A538