Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Major updates to Excel 0-day Vulnerability FAQ at SecuriTeam Blogs
From: Juha-Matti Laurio <juha-matti.laurio@xxxxxxxx>
Date: Fri, 7 Jul 2006 05:31:28 +0300 (EEST)
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Several updates to First Microsoft Excel 0-day Vulnerability FAQ document at
http://blogs.securiteam.com/?p=451
has been done.

* Several exploits for this vuln and other Excel issues has been released 
recently

* PoC sample file Nanika.xls was posted to Bugtraq on Monday already
http://www.securityfocus.com/archive/1/438963/30/30/threaded

(NOTE: Several vendors see this as a separate vulnerability)

* New Trojan variant names added to the document

* Some other updates and fixes

Word ?First? to the FAQ document title was added in June to clarify the 
situation after several Excel vuln disclosures.

At time of writing new 'Nanika' issue uses Repair Mode too (and user 
interaction is needed).
There is no exact information is this a totally new type vulnerability, however.

- Juha-Matti

Prev by Date: Re: IBM AIX Security contact?
Next by Date: Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006)
Previous by thread: [USN-310-1] ppp vulnerability
Next by thread: Various heap and stack overflow bugs in AdPlug library 2.0 (CVS 04 Jul 2006)
Index(es):
- Date
- Thread