Status Tracking Note TRTA06-167A

Microsoft Excel Vulnerability

Overview

An unspecified vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code on a vulnerable system.
Event Information


Date (UTC)Description
2006-07-11 Microsoft
MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Vulnerability Fixed (CVE-2006-1301, CVE-2006-1302, CVE-2006-1304, CVE-2006-1306, CVE-2006-1308, CVE-2006-1309, CVE-2006-2388, CVE-2006-3059)
2006-06-27 22:30 Full-disclosure
[Full-disclosure] "Microsoft Office Excel 2003" Hlink Stack/SEH Overflow Exploit
a proof-of-concept code for this vulnerability
2006-06-23 05:59 JPCERT/CC
JPCERT-AT-2006-0009: Microsoft Excel Vulnerabilities
2006-06-22 04:40 Full-disclosure
[Full-disclosure] MS Excel Remote Code Execution POC Exploit
a proof-of-concept code for this vulnerability (CVE-2006-3059)
#Cid: 18500.c
#Tested: Excel 2000 on Windows XP SP1
#Tested: Excel 2000 on Windows 2000 SP4
2006-06-22 US-CERT
Public Exploit Code for Unpatched Vulnerability in MS Office Hyperlink Object Library
Vulnerability(CVE-2006-3086,VU#394444)
US-CERT is aware of publicly available exploit code for an unpatched buffer overflow vulnerability in Microsoft Hyperlink Object Library (HLINK.DLL). By persuading a user to access a specially crafted hyperlink in an email message or MS Office document, a remote attacker may be able to execute arbitrary code with the privileges of the user.
2006-06-20 17:17 Full-disclosure
[Full-disclosure] Microsoft Excel File Embedded Shockwave Flash Object Exploit
a proof-of-concept code for this vulnerability (CVE-2006-3014)
#Cid: xls-embed-swf-expl.zip
2006-06-20 16:05 SANS Internet Storm Center
New Excel 0day (Are we evolving or going in circles?)
Today there is news of another 0day vulnerability in Microsoft Office.
2006-06-20 11:17 Microsoft Security Response Center Blog
Information on Proof of Concept posting about hlink.dll
I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel's processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know information we have based on that investigation. First, I want to be clear that this proof of concept code and not an attack. We're not aware of any attacks based on this code based on our work with our Microsoft Security Response Alliance partners. Second, our investigation so far has shown that while the posting claims this is a vulnerability in Excel, it actually is a vulnerability in hlink.dll which is a Windows component that handles operations involving hyperlinks. (snip)
2006-06-20 06:33 Trend Micro
TROJ_EMBED.AN
2006-06-19 Microsoft
Microsoft Security Advisory (921365): Vulnerability in Excel Could Allow Remote Code Execution
Via Microsoft Mailing List
2006-06-18 20:50 Full-disclosure
[Full-disclosure] ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME***
a proof-of-concept code for this vulnerability (CVE-2006-3086)
#Cid: excelsexywarez.pl
2006-06-17 00:58 US-CERT
TA06-167A: Microsoft Excel Vulnerability
Via US-CERT Mailing List
2006-06-16 17:16 SANS Internet Storm Center
Reports of Excel 0-Day
Microsoft has received a report of a new 0-day vulnerability involving Excel.
2006-06-16 12:09 Microsoft Security Response Center Blog
Reports of a new vulnerability in Microsoft Excel
We've received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel.
2006-06-16 US-CERT
Active Exploitation of a Vulnerability in Microsoft Excel
US-CERT is aware of active exploitation of a new vulnerability in Microsoft Excel. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running Excel.
2006-06-14 Symantec
Trojan.Mdropper.J
Trojan.Mdropper.J is a Trojan horse that drops Downloader.Booli.A on the compromised computer. It exploits an undocumented vulnerability in Microsoft Excel.

Reference

Date first published (UTC): 2006-06-17T03:13+00:00
Date last updated (UTC): 2006-07-17T20:35+00:00
Valid HTML 4.01!