Steven M. Christey
coley at linus.mitre.org
Mon Mar 5 11:33:52 EST 2007
On Mon, 5 Mar 2007, Steve Tornio wrote:
> I don't think this reference belongs in the entry, as I don't see any
> link between the Excel vulnerability and the WMF flaw referenced in the
> link. If I missed it, please correct me.
This is a good example of why I plan to make CVE's analysis field public
at some point. See below for what happened.
ALSO NOTE - the advisory that's returned on "FG-2006-30" is actually
labeled as FGA-2005-17 and talks about that WMF issue from December 2005.
So there's clearly something wrong with their web site on this, probably
as a result of the advisory name switch.
I filled out the form at http://www.fortiguardcenter.com/sendfeedback.php
under "Report a broken link or network issue". Maybe someone else could
fill out a similar complaint in a different category to maximize the
chance of success...
** REJECT **
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-0028. Reason:
This candidate is a reservation duplicate of CVE-2007-0028. The
original assigner switched to a new CVE number. Notes: All CVE users
should reference CVE-2007-0028 instead of this candidate. All
references and descriptions in this candidate have been removed to
prevent accidental usage.
Acknowledged: yes advisory
Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac,
and Office v.X for Mac does not properly handle certain opcodes, which
allows user-assisted remote attackers to execute arbitrary code via a
crafted XLS file, which results in an "Improper Memory Access
Vulnerability." NOTE: an early disclosure of this issue used
CVE-2006-3432, but only CVE-2007-0027 should be used.
ACCURACY: FG-2006-30 was originally published and used CVE-2006-3432,
but Microsoft had updated all CVEs to 2007 numbers before disclosure.
After MS07-002 was published, FG-2006-30 was changed to FGA-2007-01,
and used the new CVE-2007-0027 identifier.
More information about the VIM