Excel zero day in the wild

From: Incidents Moderators <modincidents@xxxxxxxxxxxxxxxxx>
Date: Fri, 16 Jun 2006 12:26:37 -0600 (MDT)

There has been a report of a targeted attack leveraging a previously unknown vulnerability in Microsoft Excel. The vulnerability is triggered when a user opens a malicious xls file. Further information regarding this incident is available from the following sources.

Microsoft Excel Unspecified Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/18422

Trojan.Mdropper.J
http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.j.html

Downloader.Booli.A
http://securityresponse.symantec.com/avcenter/venc/data/downloader.booli.a.html

Reports of a new vulnerability in Microsoft Excel
http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx

-Josh

------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29. August 3 in Las Vegas. World renowned security experts reveal tomorrow.s threats today. Free of vendor pitches, the Briefings are designed to be pragmatic regardless of your security environment. Featuring 36 hands-on training courses and 10 conference tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------------

Prev by Date: Re: Website Defacement
Next by Date: Re: Excel zero day in the wild
Previous by thread: 0day worm spreading through Yahoo webmail
Next by thread: Re: Excel zero day in the wild
Index(es):
- Date
- Thread

Relevant Pages

[NT] Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (MS06-037)
... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution ... an attacker who successfully exploited this ... vulnerability could take complete control of the client workstation. ...
(Securiteam)
[NT] Microsoft Visual Basic for Applications Multiple Vulnerabilities (MS08-057)
... Get your security news from a reliable source. ... Microsoft Excel 2000 SP3 ... attacker must persuade a user to open a specially crafted Office document. ... This allows attackers to exploit this vulnerability without user ...
(Securiteam)
New CVE number states Excel Style handling as a separate issue
... New CVE document ... published recently confirms the information that Microsoft Excel Style handling vulnerability aka Nanika.xls issue is a separate vulnerability. ... This vulnerability mentioned affects only to Simplified Chinese, Traditional Chinese, Japanese and Korean versions of Excel. ... This information has been updated to my First Microsoft Excel 0-day Vulnerability FAQ document at SecuriTeam Blogs. ...
(Bugtraq)
[Full-disclosure] New CVE number states Excel Style handling as a separate issue
... published recently confirms the information that Microsoft Excel Style handling vulnerability aka Nanika.xls issue is a separate vulnerability. ... This vulnerability mentioned affects only to Simplified Chinese, Traditional Chinese, Japanese and Korean versions of Excel. ... This information has been updated to my First Microsoft Excel 0-day Vulnerability FAQ document at SecuriTeam Blogs. ... is listed in the upcoming security bulletin to clarify the situation. ...
(Full-Disclosure)
Re: Starting a Pen-Testing Career
... Perhaps my perceptions of the business are a bit naive, ... Buinsesses don't care about security and vulnerabilty and exposure. ... How else would they be able to provide such a report in isolation - ... written vulnerability scanner' to produce reports. ...
(alt.computer.security)