Threat Level: green Handler on Duty: Jan Kopriva

SANS ISC: New, Unpatched Office Vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New, Unpatched Office Vulnerability
Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Office.  It is currently being reported to target  only Microsoft Excel at this point.  However according to Microsoft's advisory:  "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable."  It has a CVE entry of CVE-2007-0671, although I could not find it in the database at this time and there is very limited information available.  The advisory applies to the following products:

Office 2000
Office XP
Office 2003
Office 2004 for Mac
Office 2004 v. X for Mac

Just keep reminding folks to exercise caution when opening attachments received via email or documents found on the internet. 

165 Posts
ISC Handler
Feb 3rd 2007

Sign Up for Free or Log In to start participating in the conversation!