New Excel zero-day flaw used in attacks

Discussion in 'other security issues & news' started by ronjor, Jun 16, 2006.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,768
    Location:
    Texas
    Story
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    It's a spam-email and it's an email-attachment that needs to be opened. Not a very smart threat.
    Only 'dangerous' for people, who can't control their curiosity.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    From the Microsoft Excel 0-day Vulnerability FAQ
    http://blogs.securiteam.com/?p=451

    Sounds ominous, but nothing much new here really: installing of malware via remote code execution, albeit in a new guise.

    Security-minded people should already be protected from the installation of trojans/droppers by remote code execution:

    There are just too many effective ways of preventing this for anyone to be hit by it.



    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
Loading...
Thread Status:
Not open for further replies.