Microsoft Security Advisory (921365)

Discussion in 'news, general information and FAQs' started by NICK ADSL UK, Jun 24, 2006.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Microsoft Security Advisory (921365)
    Vulnerability in Excel Could Allow Remote Code Execution
    Published: June 19, 2006

    Microsoft is investigating new public reports of limited “zero-day” attacks using a vulnerability in Microsoft Excel 2003, Excel Viewer 2003, Excel 2002, Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac. In order for this attack to be carried out, a user must first open a malicious Excel file attached to an e-mail or otherwise provided to them by an attacker.

    Opening the Excel document out of email will prompt the user to be careful about opening the attachment.

    As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit this vulnerability.

    More in http://www.microsoft.com/technet/security/...ory/921365.mspx
     
  2. NICK ADSL UK

    NICK ADSL UK Administrator

    Joined:
    May 13, 2003
    Posts:
    9,217
    Location:
    UK
    Revisions:
    • (June 21, 2006):

    Advisory revised to provide additional clarity around the “Impact of Workaround” under “On Excel 2003, prevent Excel Repair mode by modifying the Access Control List (ACL) to the Excel Resiliency registry key” in the “Workarounds for Microsoft Excel Remote Code Vulnerability” section and to update the “Advisory Status”.
     
Thread Status:
Not open for further replies.