Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: MS Office vulnerabilities (-058, -059, -060, -062) - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MS Office vulnerabilities (-058, -059, -060, -062)
There are four advisories for Microsoft Office this month.  All of them appear to be standard client-side vulnerabilities.  So the exploitation model is someone evil sends a document (of the affected type) with an exploit buried inside and if the exploit works, the attacker gets the privileges of the user opening the document.  These types of bugs have been very popular lately.

MS06-058: Four vulnerabilities in PowerPoint that were reported privately.  Exploit code and details have not been released yet.

MS06-059: Four vulnerabilities in Excel.  Two of these have had proof of concept exploit code posted publicly already; the other two vulnerabilities were privately reported to Microsoft.

MS06-060: Four vulnerabilities in Word.  Two of these have been publicly disclosed already; the other two vulnerabilities were privately reported to Microsoft.

MS06-062: Three vulnerabilities in Office and Publisher that were reported privately.  Exploit code and details have not been released yet.

Kyle

112 Posts

Sign Up for Free or Log In to start participating in the conversation!