« Workarounds for Excel 'Zero-Day' Flaw | Blog Home | Spybot S&D definitions update »

Zero-Day MS Excel Vulnerabilities Being Exploited

Here are two reports about unpatched Excel flaws from Secunia.

1: Microsoft Excel Repair Mode Code Execution Vulnerability
http://secunia.com/advisories/20686/

Secunia Advisory: SA20686
Advisory Release Date: 2006-06-16
Last Update: 2006-06-20

Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround

Software:
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office X for Mac
Microsoft Office XP

CVE reference: CVE-2006-3059

Description:
A vulnerability has been discovered in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a memory corruption error in the "repair mode" functionality used for repairing corrupted documents. This can be exploited via a specially crafted Excel documents.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully updated Windows XP SP2 system with Microsoft Excel 2003 SP2. Other versions may also be affected.

NOTE: This vulnerability is a so-called 0-day and is already being actively exploited.

Solution:
Don't open untrusted Excel documents.

The vendor has published various workarounds (see vendor advisory).

Provided and/or discovered by:
Discovered in the wild.

Changelog:
2006-06-20: Added additional information from Microsoft. Added CVE reference. Updated "Solution" section by referring to vendor workarounds.

Original Advisory:
Microsoft: http://www.microsoft.com/technet/security/advisory/921365.mspx http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx


2: Microsoft Windows Hyperlink Object Library Buffer Overflow
http://secunia.com/advisories/20748/

Secunia Advisory: SA20748
Advisory Release Date: 2006-06-20
Last Update: 2006-06-22

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched

OS:
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

CVE reference: CVE-2006-3086

Description:
kcope has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in hlink.dll within the handling of Hyperlinks in e.g. Excel documents. This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted Hyperlink in a malicious Excel document.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched Windows XP SP2 system running Microsoft Excel 2003 SP2. Other versions and products using the vulnerable library may also be affected.

Solution:
Do not open untrusted Microsoft Office documents.

Do not follow links in Microsoft Office documents.

Provided and/or discovered by: kcope

Changelog:
2006-06-22: Added CVE reference. Added link to US-CERT vulnerability note. Added various Windows versions as vulnerable instead of Office products.

Original Advisory:
Microsoft: http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx

Other References:
US-CERT VU#394444: http://www.kb.cert.org/vuls/id/394444

Microsoft has offered some workarounds, which I have listed on this blog page.

Also, see this Microsoft Advisory for the latest information and workarounds.

Get Norton 360

Posted by Wiz on June 22, 2006 12:58 PM |

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

Use OpenDNS

Add to Technorati Favorites

Fight website spammers

Search


About the author
Wiz FeinbergWiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Malwarebytes' Anti-Malware is the most frequently recommended malware removal tool in malware removal forums, like Bleeping Computers. It is extremely effective for removing fake/rogue security alerts, Bots, Spyware and the most prevalent and current malware threats in the wild. Learn about Malwarebytes Anti-Malware.

MailWasher Pro is an effective spam filter that protects your desktop email client. Using a combination of blacklists and built-in and user configurable filters, MailWasher Pro recognizes and deletes spam before you download it. MailWasher Pro reveals the actual URL of any links in a message, which protects you from most Phishing scams. Try it free for 30 days. Pay $39.95 US once, for a lifetime license, with free upgrades.

Get Reliable Web Hosting

BlueHost Web Hosting $6.95

Do you want reliable, yet affordable shared website hosting, with US based phone, email and live chat tech support? If so, you should consider signing up with BlueHost. You can host Unlimited Domains and sub-domains on one account, each complete with their own FTP and Email Accounts. You get unlimited disk space, data transfer & databases, plus dozens of free secured scripts that are easy to install with a few clicks. cPanel Pro control panels support all current web technologies, logs and scripts. All new and transfer accounts are entitled to 1 free domain name and a $50 Google AdWords credit. Pay just $6.95/month, for 2 or 3 years, prepaid. No setup fee and a 30-day money back guarantee. Sign-up with BlueHost Here

Recent Posts

Popular Posts

Categories

Wizcrafts main pages

Wizcrafts Home Page
Security Alerts
Frequently Asked Questions
Website Hosting Solutions
Links and Resources
MailWasher Pro Spam Filter
Networking Fundamentals
About Computer RAM & Upgrades
Webmaster Services
Wizcrafts' Site Map

Anti-Spyware Tools

A-squared HiJackFree
A-squared Trojan remover
AboutBuster
Ad-Aware Free
Avira AntiVir Free Anti Virus
AVG Free Anti Virus
CWShredder
HijackThis
MalwareBytes AntiMalware
Rogue Anti-Spyware list
Trend Micro RUBotted
Secunia Software Inspector
SiteAdvisor Toolbar
Spybot Search & Destroy
Spyware Blaster
Strider URL Tracer
Trend Micro Internet Security
US-CERT.gov
Windows Defender
Windows Live OneCare Scanner
ZoneAlarm Pro Firewall

Spyware Removal Forums

A-Squared Malware Removal Forums
AVG-Free Self Help Forums
Bleeping Computer HijackThis Logs and Analysis
Bleeping Computer Spyware Removal Guides
Geeks To Go Forums
MailWasher Pro Forums
MajorGeeks Forums
MBAM Malware Removal Forum
Safer Networking Forums
Spybot S&D Malware Removal Forum
Spywareinfo Forums
SpywareWarrior Forums
TomCoyote Forums
Wilders Security Forums

Archives

Subscribe to this blog's feed
[What is this?]
Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
Powered by
Movable Type 4.32-en

Start your blog today