CVE-2006-3059

EXPLOITED

Microsoft Excel 2000-2004 - Remote Code Execution

Title source: llm

Exploitation Summary

CVE-2006-3059 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including naveed afzal.

AI-analyzed exploit summary This is a functional exploit for CVE-2006-3059, a remote code execution vulnerability in Microsoft Excel. It generates a malformed Excel file that triggers a stack-based buffer overflow via a crafted URL string, leading to arbitrary code execution.

Description

Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.

Exploits (1)

exploitdb WORKING POC VERIFIED

by naveed afzal · clocalwindows

https://www.exploit-db.com/exploits/1944

View Code ZIP pw:eip

This is a functional exploit for CVE-2006-3059, a remote code execution vulnerability in Microsoft Excel. It generates a malformed Excel file that triggers a stack-based buffer overflow via a crafted URL string, leading to arbitrary code execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Excel 2000 on Windows XP SP1 and Windows 2000 SP4

No auth needed

Prerequisites: Victim must open the malformed Excel file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (17)

Core 17

Core References

US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/802324

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/437636/100/0/threaded

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-037

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A537

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27179

Various Sources x_refsource_misc

http://blogs.securiteam.com/?p=451

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/26527

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20686

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA06-167A.html

Various Sources x_refsource_misc

http://isc.sans.org/diary.php?storyid=1420

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1016316

Various Sources x_refsource_confirm

http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2755

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18422

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/437936/100/0/threaded

US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA06-192A.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2361

Scores

EPSS 0.7542

EPSS Percentile 98.9%

Details

VulnCheck KEV 2006-07-11

Status published

Products (5)

microsoft/excel 2000 (4 CPE variants)

microsoft/excel 2002 (4 CPE variants)

microsoft/excel 2003 (2 CPE variants)

microsoft/excel 2004

microsoft/excel_viewer 2003

Published Jun 17, 2006

Tracked Since Feb 18, 2026