Microsoft Excel URL unicode buffer overflow

Added: 06/21/2006
CVE: CVE-2006-3086
BID: 18500
OSVDB: 26666


Microsoft Excel, part of the Microsoft Office product suite, is a spreadsheet application for Windows platforms.


A buffer overflow in Excel when processing long URL strings allows command execution when a user clicks on a specially crafted link within a spreadsheet.


Do not open Excel files from untrusted sources.



Exploit works on Microsoft Excel 2002. In order for exploitation to occur, a user must download and open the exploit file and click on the Click Here link. Note that on Windows XP, a pop-up window comes up after the click, and the user must click on either button to trigger the exploit.


Windows 2000
Windows XP

Back to exploit index