Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: InfoSec Handlers Diary Blog - Excel Issue Scorecard InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Excel Issue Scorecard

Published: 2006-06-25
Last Updated: 2006-06-25 01:00:02 UTC
by Kevin Liston (Version: 2)
0 comment(s)
To help clearly identify the issues, exploit code and remedy related to the recently announce Excel vulnerabilities, I offer this humble correlation.  This information comes from Microsoft, Mitre, and vigilant readers sending in tips.  My thanks go to all.

CVE-2006-3059 aka "Excel Repair Mode"
Exploited by: Mdropper.G, Booli.A, Flux.E, Booli.B

CVE-2006-3086 aka "Long Hyperlink"
Exploited by: Urxcel.A, and three known public exploit code examples

CVE-2006-3014 aka "Shockwave vulnerability"
Exploited by proof of concept code Flemex.A
The workaround is a killbit
0 comment(s)
Diary Archives