CVE-2006-1318

Microsoft Office - Remote Code Execution via Malformed Control in Document

Title source: llm
STIX 2.1

Description

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

References (1)

Core 1
Core References

Scores

EPSS 0.1546
EPSS Percentile 96.4%

Details

CWE
CWE-94
Status published
Products (4)
microsoft/office 2000 sp1 (2 CPE variants)
microsoft/office 2004
microsoft/office x
microsoft/office xp sp3
Published Sep 19, 2014
Tracked Since Feb 18, 2026