Arbitrary code execution vulnerability in Microsoft Excel
06/16/2006

Overview
A vulnerability has been discovered in Microsoft Excel that allows
a malicious attacker to execute arbitrary code on the affected system.

Severity
This vulnerability is locally and remotely exploitable.

Affected Systems
Microsoft Windows Excel 2000
Microsoft Windows Excel 2002
Microsoft Windows Excel 2003
Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003

Recommendations
The C5 Security Lab engineers are not aware of any patches released by
the vendor. We recommend that you do not open Excel files received from
untrusted sources and that you update your antivirus.

Technical Details
A vulnerability has been discovered in Microsoft Excel that allows
a malicious attacker to execute arbitrary code on the affected system.
An attacker could take complete control of the affected system. The
flaw is in the way Microsoft Excel processes specially crafted Excel
files. The vulnerability is currently being exploited by
Trojan.Mdropper.J, which drops Downloader.Booli.A on the affected system.

Sources
http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx
http://isc.sans.org/diary.php?storyid=1420&rss

Sudhir Gandhe
SEC Labs Engineer, C5 Security Labs
seclabs@secure-elements.com
© 2006 Secure Elements All Rights Reserved