Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Excel Issue Scorecard

Published: 2006-06-25
Last Updated: 2006-06-25 01:00:02 UTC
by Kevin Liston (Version: 2)
0 comment(s)
To help clearly identify the issues, exploit code and remedy related to the recently announce Excel vulnerabilities, I offer this humble correlation.  This information comes from Microsoft, Mitre, and vigilant readers sending in tips.  My thanks go to all.

CVE-2006-3059 aka "Excel Repair Mode" http://www.microsoft.com/technet/security/advisory/921365.mspx
Exploited by: Mdropper.G, Booli.A, Flux.E, Booli.B

CVE-2006-3086 aka "Long Hyperlink"   http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
Exploited by: Urxcel.A, and three known public exploit code examples

CVE-2006-3014 aka "Shockwave vulnerability"
Exploited by proof of concept code Flemex.A
The workaround is a killbit
Keywords:
0 comment(s)
Diary Archives