Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac
In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.
While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.
http://www.microsoft.com/technet/security/advisory/932553.mspx
http://secunia.com/advisories/24008/
--------------------------
While we are touching on MS Office security, a Word 2000 exploit was released by xCuter on Milw0rm yesterday.
This exploit is related to Microsoft Security Advisory 932114 and NOT related to the new advisory outlined above.
No comments:
Post a Comment