Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog - New Excel 0day (Are we evolving or going in circles?) InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Excel 0day (Are we evolving or going in circles?)

Published: 2006-06-20
Last Updated: 2006-06-20 16:05:34 UTC
by Kyle Haugsness (Version: 1)
0 comment(s)
(Now before I get hatemail from all the Microsoft fanboys out there, please note that these comments are not derogatory towards Microsoft.  Microsoft has like 110% market share according to their research, so that's why they get all the attention.)

Today there is news of another 0day vulnerability in Microsoft Office.  You can check your favorite vulnerability notification service for all the gory details.  Someone wrote asking for comments and honestly I don't have any step-by-step instructions for defending against this specific threat.  All of the general high-level recommendations from the MS Word 0day a couple of weeks ago still apply.  Perhaps we will have something more detailed later when the details are more clear.

Instead, here are some thoughts about the current state of vulnerability discoveries.  If you have followed along with the industry in the last couple of years, you have probably noticed that remote root/administrator type of bugs have slowly disappeared and now seem to be fairly rare.  Most vulnerability researchers that are publishing advisories now seem to focus on web applications and clients (web browsers, Office, etc).  I am honestly expecting to see a healthy stream of client vulnerabilities in Office applications over the next 2-3 years.  Several years ago, nobody cared too much about exploitable bugs in client side applications because remote bugs were still readily available.  Of course, given the recent media attention about the MS Word 0day exploit, alot of vulnerability researchers are now hitting Word with every available fuzzer that they have.

So now we have a scenario where there will be a good number of 0day vulnerabilities discovered in client-side applications like MS Office and OpenOffice.  Users will be advised not to open documents from unknown persons.  So have we evolved?  Or have we just jumped back in time ten years when every aspiring script kiddie was writing VBA Macro viruses?

Keep reading for another article about 0day...
0 comment(s)
Diary Archives