Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] Excel Gets THIRD Exploit

__/ [ BearItAll ] on Thursday 22 June 2006 09:40 \__

> Roy Schestowitz wrote:
> 
>> Third Microsoft Excel attack posted
>> 
>> ,----[ Quote ]
>> | Excel users have one more reason to worry. On Tuesday, a hacker
>> | published code that takes advantage of an unpatched flaw in the
>> | Microsoft spreadsheet software, the third such exploit to be disclosed
>> | in the past week.
>> `----
>> 
>>
>
http://www.networkworld.com/news/2006/062106-third-microsoft-excel-attack.html
>> 
>> As I said before, this will cease to happen when Excel gets Aero Glass, so
>> the future looks bright. For OpenOffice.
> 
> 
> This sort of thing concidering the time Excel has been out, if it has taken
> hackers this long to find the flaw it must be a real converluted affair.
> Stand on one leg with your finger in your ear on summer solstis and there
> is an exploit.


*smile*


> I suspect we will have a few of those in Linux.


The level of serverity is what makes these inexcusable. They
compromise  your computer -- your very own bread and  water.
They affect other people on the network, quite naturally, in
turn.

As  a  Microsoft  developer recently  confessed,  there  are
dozens  of  dependencies  among modules, some of  which  are
circular.  This  explains  why testing is  slow,  unreliable
(incomplete),  and  prone to breakage (of  other  components
too).

The  Linux  kernel  will not permit this, not  even  if  you
carefully  construct  and  exploit  that  is  based   memory
glitches  (e.g.  buffer overflow). The  X.org  vulnerability
(missing quotes) comes to mind and it's extremely rare. Like
the  Ubuntu 5 negligence, it also requires that the attacker
is  a  local user with full user account privileges.  Unless
you  becomes  rather  mad and ponder about  chaining  memory
overflows, e.g. exploiting Web browser loopholes, as well as
something  that  resides near the kernel (IE is bad  due  to
proximity to the center, including setups, filesystem and so
forth)...

Best wishes,

Roy

-- 
Roy S. Schestowitz      |    "Error, no keyboard - press F1 to continue"
http://Schestowitz.com  | Free as in Free Beer ¦  PGP-Key: 0x74572E8E
Cpu(s):  20.4% user,   3.7% system,  18.4% nice,  57.6% idle
      http://iuron.com - semantic engine to gather information

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index