New, Unpatched Office Vulnerability

Published: 2007-02-03
Last Updated: 2007-02-03 14:15:40 UTC
by Lorna Hutcheson (Version: 2)
0 comment(s)
Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Office.  It is currently being reported to target  only Microsoft Excel at this point.  However according to Microsoft's advisory:  "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable."  It has a CVE entry of CVE-2007-0671. McAfee has given the name Exploit-MSExcel.h to the malware that is known to currently target this new vulnerability.  The Microsoft advisory applies to the following products:

Office 2000
Office XP
Office 2003
Office 2004 for Mac
Office 2004 v. X for Mac

Just keep reminding folks to exercise caution when opening attachments received via email or documents found on the internet. 
0 comment(s)


Diary Archives