Manage updates with the Download App
- Servers
- Desktops
- Laptops
- Tablet PCs
- PDAs
- Smart phones
- Digital cameras
- Camcorders
- Printers & multifunction devices
- Scanners
- Copiers
- Monitors & projectors
- Hard drives & burners
- Peripherals
- Productivity
- Accounting & finance
- Data management
- Graphics & publishing
- Web publishing
- Operating systems
- Security & utilities
- Downloads & trial software
- Handheld software
- Instant messaging
- Cell phones & plans
- Voice over Internet
- Telephones
- Routers & gateways
- Wireless networking
- Network adapters
- Internet access
- Web hosting
- Domain search
- Hotspot Zone
- Desktops
- Laptops
- Servers and storage
- PDAs
- Cell phones
- Monitors & projectors
- Printers
- Networking and wireless
- Security and utility software
- Productivity software
- Access, hosting, and services
- All business buying guides
Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays
CNET Security Center: Your complete source of antivirus and Internet security information.
Unspecified vulnerability in Microsoft Excel
Zero-day exploit targets Microsoft Excel spreadsheets.
By Robert Vamosi (July 5, 2006)
Just one day after Microsoft published its June 2006 security bulletins, criminal hackers exploited a previously unknown vulnerability within Microsoft Excel spreadsheet. They successfully used the exploit to attack at least one company.
Zero-day exploit targets Microsoft Excel spreadsheets.
By Robert Vamosi (July 5, 2006)
QUICK FACTS
Name: Unspecified vulnerability in Microsoft Excel
Date first reported: 6/15/06
Software vulnerable: All versions of Microsoft Excel
What it does: Allows remote attackers to execute arbitrary code on your PC
Recommendations: There is no workaround available. Do not open untrusted Office file attachments, nor should you follow Office file links from an untrusted Web site.
Exploit code available: Yes
Vendor patch available: MS06-037
Date first reported: 6/15/06
Software vulnerable: All versions of Microsoft Excel
What it does: Allows remote attackers to execute arbitrary code on your PC
Recommendations: There is no workaround available. Do not open untrusted Office file attachments, nor should you follow Office file links from an untrusted Web site.
Exploit code available: Yes
Vendor patch available: MS06-037
Microsoft says it is looking into the problem and is not expected to release a patch before the next scheduled Patch Tuesday, July 11, 2006. The good news is that security researchers say that in order to execute the exploit, a victim must first open the malicious file. Therefore, it is recommended that users of Excel not accept .xls files from untrusted sources, nor should they visit untrusted Web sites offering Excel files for download.
Additional Resources:
- Microsoft patch:MS06-037
- Mitre.org: CVE-2006-3059
- US-CERT Vulnerability: VU39444
- Secunia advisory: 20686
