National Vulnerability Database

National Vulnerability Database

National Vulnerability

CVE-2005-4131 Detail

Current Description

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.

Source:  MITRE      Last Modified:  12/09/2005      View Analysis Description

Quick Info

CVE Dictionary Entry:
Original release date:
Last revised:


CVSS Severity (version 2.0):
CVSS v2 Base Score:
(AV:N/AC:M/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore:
Exploitability Subscore:
CVSS Version 2 Metrics:
Access Vector:
Network exploitable - Victim must voluntarily interact with attack mechanism
Access Complexity:
Not required to exploit
Impact Type:
Provides user account access, Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to

Hyperlink Resource Type Source Name External Source MISC External Source MISC External Source MISC External Source MISC External Source SREASON 584 External Source SREASON 591 External Source SECTRACK 1015333 External Source SECTRACK 1015766 External Source CONFIRM External Source MISC,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614 External Source MISC,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614 US Government Resource External Source CERT-VN VU#642428 External Source MS MS06-012 External Source BUGTRAQ 20060314 High Risk Vulnerability in Microsoft Excel External Source BUGTRAQ 20060315 [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution Patch External Source BID 15780 External Source MISC External Source MISC External Source MISC US Government Resource External Source CERT TA06-073A Vendor Advisory External Source VUPEN ADV-2006-0950 External Source XF excel-msvcrt-memmove-bo(23537)

Technical Details

Vulnerability Type (View All)

Change History 2 change records found - show changes