From US-CERT:
Microsoft has released Security Advisory 947563 to address a vulnerability in Excel. Successful exploitation could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the local user.
According to Security Advisory 947563:
- This vulnerability cannot be exploited on Microsoft Office Excel 2003 Service Pack 3, Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1, or Microsoft Excel 2008 for Mac.
- This vulnerability does not affect customers who are running Microsoft Office Excel 2003 Service Pack 2 and have deployed Microsoft Office Isolated Conversion Environment (MOICE).
As they are saying in their advisory:
Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel 2003. At this time, we are aware only of targeted attacks that attempt to use this vulnerability. Additionally, as the issue has not been publicly disclosed broadly, we believe the risk at this time to be limited.
I wouldn't say the risk is limited if you happen to be the target. This also means that the exploit isn't widespread and antimalware vendors don't have updated signatures.
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment