June 2006
Microsoft - Vulnerability in Excel Could Allow Remote Code Execution
ID: 00430
Ref: 03/06
Date: 20 June 2006:13:21:58
Version: 1
Title: Microsoft - Vulnerability in Excel Could Allow Remote Code Execution
Abstract: There have been a limited number of reports of attacks using the vulnerability which has been identified to affect some version of Microsoft Excel.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
Title
=====
Microsoft - Vulnerability in Excel Could Allow Remote Code Execution
Detail
======
Further to yesterday's UNIRAS Briefing, "418/06 - US-CERT Technical Cyber Security
Alert TA06-167A -- Microsoft Excel Vulnerability"
(http://www.niscc.gov.uk/niscc/docs/br-20060619-00429.html?lang=en),
Microsoft have released a security advisory relating to an unpatched Microsoft Excel
vulnerability.
There have been a limited number of reports of attacks using the vulnerability
which has been identified to affect Microsoft Excel 2003, Excel Viewer 2003, 2002,
Excel 2000, Microsoft Excel 2004 for Mac, and Microsoft Excel v. X for Mac.
In order for this vulnerability to be exploited, a user must open a malicious Excel file
received via an email attachment or downloaded from the Internet.
Microsoft's security advisory can be found by following the link below.
http://www.microsoft.com/technet/security/advisory/921365.mspx
It is strongly recommended that users do not open or save Microsoft Excel files received
from untrusted sources. UNIRAS will continue to monitor the situation.