__/ [ Roy Culley ] on Tuesday 20 June 2006 13:17 \__
> http://secunia.com/advisories/20748/
>
> CRITICAL:
> Highly critical
>
> <snip >
> DESCRIPTION:
> kcope has discovered a vulnerability in Microsoft Excel, which can be
> exploited by malicious people to compromise a vulnerable system.
>
> The vulnerability is caused due to a boundary error in hlink.dll
> within the handling of Hyperlinks in e.g. Excel documents. This can be
> exploited to cause a stack-based buffer overflow by tricking a user
> into clicking a specially crafted Hyperlink in a malicious Excel
> document.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability has been confirmed in Microsoft Excel 2003 SP2
> (fully updated). Other versions and Office products may also be
> affected.
>
> NOTE: Secunia is currently not aware of this vulnerability being
> actively exploited and working exploit code is not currently publicly
> available. However, the vulnerability is quite simple to exploit and
> it is therefore likely that exploit code is published soon.
>
> SOLUTION:
> Do not open untrusted Microsoft Office documents.
>
> Do not follow links in Microsoft Office documents.
>
> Better get patching wintrolls. Oops, you can't. Better remove MS
> Office and upgrade to OO.o. :-)
No need to PANIC! Vista will fix everything. Aero Glass will defend Excel
from all these ills and nasties.
http://biz.yahoo.com/ap/060619/excel_vulnerability.html?.v=1
Microsoft: Spreadsheet Program Vulnerable
Computers can be pwned. More SPAM and DDOS attacks worldwide.
Best wishes,
Roy
--
Roy S. Schestowitz
http://Schestowitz.com | GNU/Linux ¦ PGP-Key: 0x74572E8E
1:25pm up 53 days 18:39, 12 users, load average: 1.99, 2.07, 2.07
http://iuron.com - next generation of search paradigms
|
|
