Be careful with untrusted Excel spreadsheets in email 1589
-
Excel is widely used by many of us to evaluate or analyze data. I’d like to briefly share a warning related to the use of Excel as there are currently 3 unpatched vulnerabilities that will most likely be addressed in the July MS updates
The ISC has a good summary today of in-the-wild and POC exploits associated with the 3 areas of risk. These are not prevelent in the wild and staying up-to-date on AV protection will help. Most importantly, avoid all untrusted documents or URLs in email.
Unpatched Excel Vulnerabilities - Latest news
incidents.org/diary.php?storyid=1444
To help clearly identify the issues, exploit code and remedy related to the recently announce Excel vulnerabilities, I offer this humble correlation. This information comes from Microsoft, Mitre, and vigilant readers sending in tips. My thanks go to all.
CVE-2006-3059 aka ‘Excel Repair Mode’ microsoft.com/technet/security/advisory/921365.mspx
Exploited by: Mdropper.G, Booli.A, Flux.E, Booli.B
CVE-2006-3086 aka ‘Long Hyperlink’ CVE-2006-3014 aka ‘Shockwave vulnerability’
Exploited by proof of concept code Flemex.A
The workaround is a killbit
-
THanks for the post.