Panda: Malicious code exploits Excel flaw

- Malicious code exploits
undocumented Excel vulnerability -
Virus Alerts, by Panda Software (http://www.pandasoftware.com)​

Madrid, June 19 2006 - PandaLabs has discovered a malicious code that takes advantage of an Excel vulnerability. This flaw causes an unknown error and could allow an attacker to download and run code.

To do this, the attacker sends the target user an Excel file that runs the exploit code and downloads a Trojan, detected as Trj/Downloader.JFN, which in turn tries to download another file. This vulnerability can be used in the future to download any other executable file. As there is no documentation or security patch to fix this flaw, it is possible that other malicious code may appear in the next few hours that take advantage of this vulnerability.

Panda Software's TruPrevent Technologies (TM) neutralize the effects of any files prepared to exploit this vulnerability, and also detect and block Downloader.JFN without the need for signature updates.

 

This looks similar to MS06-027 Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336).

Edit:
More info on Microsoft Security Advisory (921365)
Microsoft Excel 0-day Vulnerability FAQ

 

Oh is it? This exploit is already days old!

 

They might as well have said "PandaLabs discovers the same thing as the other ones, only a few days later".