Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2006-1540

MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.747
EPSS Ranking 98.8%
CVSS Severity
CVSS v2 Score 9.3
References
Products affected by CVE-2006-1540
  • Microsoft » Office » Version: N/A
    cpe:2.3:a:microsoft:office:-
  • Microsoft » Office » Version: 16.0.14326.21330
    cpe:2.3:a:microsoft:office:16.0.14326.21330
  • Microsoft » Office » Version: 16.0.14326.21606
    cpe:2.3:a:microsoft:office:16.0.14326.21606
  • Microsoft » Office » Version: 16.0.14326.22618
    cpe:2.3:a:microsoft:office:16.0.14326.22618
  • Microsoft » Office » Version: 16.0.16026.20172
    cpe:2.3:a:microsoft:office:16.0.16026.20172
  • Microsoft » Office » Version: 16.0.16130.20156
    cpe:2.3:a:microsoft:office:16.0.16130.20156
  • Microsoft » Office » Version: 16.0.16827.20138
    cpe:2.3:a:microsoft:office:16.0.16827.20138
  • Microsoft » Office » Version: 16.0.19127.20000
    cpe:2.3:a:microsoft:office:16.0.19127.20000
  • Microsoft » Office » Version: 16.0.19220.20000
    cpe:2.3:a:microsoft:office:16.0.19220.20000
  • Microsoft » Office » Version: 16.0.19328.20000
    cpe:2.3:a:microsoft:office:16.0.19328.20000
  • Microsoft » Office » Version: 2.70.23021003
    cpe:2.3:a:microsoft:office:2.70.23021003
  • Microsoft » Office » Version: 2000
    cpe:2.3:a:microsoft:office:2000
  • Microsoft » Office » Version: 2001
    cpe:2.3:a:microsoft:office:2001
  • Microsoft » Office » Version: 2002
    cpe:2.3:a:microsoft:office:2002
  • Microsoft » Office » Version: 2003
    cpe:2.3:a:microsoft:office:2003
  • Microsoft » Office » Version: 2004
    cpe:2.3:a:microsoft:office:2004
  • Microsoft » Office » Version: 2007
    cpe:2.3:a:microsoft:office:2007
  • Microsoft » Office » Version: 2008
    cpe:2.3:a:microsoft:office:2008
  • Microsoft » Office » Version: 2010
    cpe:2.3:a:microsoft:office:2010
  • Microsoft » Office » Version: 2011
    cpe:2.3:a:microsoft:office:2011
  • Microsoft » Office » Version: 2013
    cpe:2.3:a:microsoft:office:2013
  • Microsoft » Office » Version: 2013_rt
    cpe:2.3:a:microsoft:office:2013_rt
  • Microsoft » Office » Version: 2016
    cpe:2.3:a:microsoft:office:2016
  • Microsoft » Office » Version: 2019
    cpe:2.3:a:microsoft:office:2019
  • Microsoft » Office » Version: 2021
    cpe:2.3:a:microsoft:office:2021
  • Microsoft » Office » Version: 3.0
    cpe:2.3:a:microsoft:office:3.0
  • Microsoft » Office » Version: 4.0
    cpe:2.3:a:microsoft:office:4.0
  • Microsoft » Office » Version: 4.3
    cpe:2.3:a:microsoft:office:4.3
  • Microsoft » Office » Version: 95
    cpe:2.3:a:microsoft:office:95
  • Microsoft » Office » Version: 97
    cpe:2.3:a:microsoft:office:97
  • Microsoft » Office » Version: 98
    cpe:2.3:a:microsoft:office:98
  • Microsoft » Office » Version: v.x
    cpe:2.3:a:microsoft:office:v.x
  • Microsoft » Office » Version: xp
    cpe:2.3:a:microsoft:office:xp


Products
Pricing
Contact Us

Shodan ® - All rights reserved