Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - New, Unpatched Office Vulnerability InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New, Unpatched Office Vulnerability

Published: 2007-02-03
Last Updated: 2007-02-03 14:15:40 UTC
by Lorna Hutcheson (Version: 2)
0 comment(s)
Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Office.  It is currently being reported to target  only Microsoft Excel at this point.  However according to Microsoft's advisory:  "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable."  It has a CVE entry of CVE-2007-0671. McAfee has given the name Exploit-MSExcel.h to the malware that is known to currently target this new vulnerability.  The Microsoft advisory applies to the following products:

Office 2000
Office XP
Office 2003
Office 2004 for Mac
Office 2004 v. X for Mac


Just keep reminding folks to exercise caution when opening attachments received via email or documents found on the internet. 
Keywords:
0 comment(s)
Diary Archives