Zero Day Exploit: MS Excel Allows Remote Code Execution
There is a zero day flaw found in Microsoft Excel and this vulnerability affects the following version:
Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002
Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac
What causes this threat ?
When a user opens a specially crafted Excel file and that has a malformed header information, the system encounters unspecified error, which can be exploited by malicious users and could lead to execution of arbitrary code.
According to Microsoft, there is an active attacks that currently exploits this vulnerabiltity. Thus, users are advised not to open untrusted Excel file.
Categories: Exploits, Vulnerability
Excel, mac hacks, mac security, mac virus, malicious, remote code execution, spyware, targetted attacks
The NVD entry:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3006
Noted, Thanks!
exploit-ms excel.h – file found on our system today.
What do we do to take care of it?
Hi Diane, do you still have a copy of exploit ms excel file ? If so, please zip it and password protect it with word “virus”. Here’s a good reference how to do it http://www.sheilds.org/article110.html.
Then send to meths101(at) optusnet (dot) com (dot) au. This will help me understand this threat and provide you idea how to clean up your machine.
Or could you provide further information like exact detection name (if you have), and MD5 hash..