[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
UNIRAS Brief - 418/06 - US-CERT Technical Cyber Security Alert TA06-167A -- Microsoft Excel Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
- ----------------------------------------------------------------------------------
UNIRAS (UK Govt CERT) Briefing Notice - 418/06 dated 19.06.06 Time: 11:00
UNIRAS is part of NISCC (National Infrastructure Security Co-ordination Centre)
- ----------------------------------------------------------------------------------
UNIRAS material is also available from its website at www.uniras.gov.uk and
Information about NISCC is available from www.niscc.gov.uk
- ----------------------------------------------------------------------------------
Title
=====
US-CERT Technical Cyber Security Alert TA06-167A -- Microsoft Excel Vulnerability
Detail
======
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-167A
Microsoft Excel Vulnerability
Original release date: June 16, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Excel 2003
* Microsoft Excel XP (2002)
* Microsoft Excel for Mac
Microsoft Excel is included with Microsoft Office. Other versions of
Excel, and other Office programs may be affected or act as attack
vectors.
Overview
An unspecified vulnerability in Microsoft Excel could allow an
attacker to execute arbitrary code on a vulnerable system.
I. Description
Microsoft Excel contains an unspecified vulnerability. Opening a
specially crafted Excel document, including documents hosted on web
sites or attached to email messages, could trigger the vulnerability.
Office documents can contain embedded objects. For example, a
malicious Excel document could be embedded in an Word or PowerPoint
document. Office documents other than Excel documents could be used as
attack vectors.
For more information, please see Vulnerability Note VU#802324.
II. Impact
By convincing a user to open a specially crafted Excel document, an
attacker could execute arbitrary code on a vulnerable system. If the
user has administrative privileges, the attacker could gain complete
control of the system.
III. Solution
At the time of writing, there is no complete solution available.
Consider the following workarounds:
Do not open untrusted Excel documents
Do not open unfamiliar or unexpected Excel or other Office documents,
including those received as email attachments or hosted on a web site.
Please see Cyber Security Tip ST04-010 for more information.
Do not rely on file extension filtering
In most cases, Windows will call Excel to open a document even if the
document has an unknown file extension. For example, if document.x1s
(note the digit "1") contains the correct file header information,
Windows will open document.x1s with Excel.
Appendix A. References
* Vulnerability Note VU#802324 -
<http://www.kb.cert.org/vuls/id/802324>
* Cyber Security Tip ST04-010 -
<http://www.us-cert.gov/cas/tips/ST04-010.html>
____________________________________________________________________
Information used in this document came from SANS and Microsoft.
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-167A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA06-167A Feedback VU#802324" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 16, 2006: Initial release
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRJNTQn0pj593lg50AQJ9AwgAnn0Hf8DqOzIg9oERRJ0ypWO3Q26gjasr
jK9g3pqGhBPX9P7BxOpqRlM9j28WcE3jSQ/P2N0FaKOa4SLWfwPP32mHIbmFEDuG
QTuu9A+qbg3ib0ScsHPWdI4nrI8QDqhOO7OEpFXMjJsqb/FXkA7TaKp6r+/6yeyb
mDVhCrI9bVGPcT9EAPLz0CwpIQGzbesc+e9eHBowLyDeHBzvaeLTtBSTG3VVcbbH
akqG3WfE0XUF1riZMoN4q9MEq8hwbEmScSGpQGbAK/0ZoqSq3yXUAG/utKuSfJCT
BzevQTih8Q3AG8IHHS4tz2XZiCr5/prhbc/Y8tEeT87LaJfiMWRooA==
=80HN
- -----END PGP SIGNATURE-----
- ----------------------------------------------------------------------------------
For additional information or assistance, please contact the HELP Desk by
telephone or Not Protectively Marked information may be sent via
EMail to: uniras@xxxxxxxxxxxx
Office Hours:
Mon - Fri: 08:30 - 17:00 Hrs
Tel: +44 (0) 870 487 0748 Ext 4511
Fax: +44 (0) 870 487 0749
Outside of Office Hours:
On Call Duty Officer:
Tel: +44 (0) 870 487 0748 and follow the prompts
- ----------------------------------------------------------------------------------
UNIRAS wishes to acknowledge the contributions of US-CERT for the information
contained in this Briefing.
- ----------------------------------------------------------------------------------
This Briefing contains the information released by the original author. Some
of the information may have changed since it was released. If the vulnerability
affects you, it may be prudent to retrieve the advisory from the site of the
original source to ensure that you receive the most current information concerning
that problem.
Reference to any specific commercial product, process, or service by trade
name, trademark manufacturer, or otherwise, does not constitute or imply
its endorsement, recommendation, or favouring by UNIRAS or NISCC. The views
and opinions of authors expressed within this notice shall not be used for
advertising or product endorsement purposes.
Neither UNIRAS or NISCC shall also accept responsibility for any errors
or omissions contained within this briefing notice. In particular, they shall
not be liable for any loss or damage whatsoever, arising from or in connection
with the usage of information contained within this notice.
UNIRAS is a member of the Forum of Incident Response and Security Teams (FIRST)
and has contacts with other international Incident Response Teams (IRTs) in
order to foster cooperation and coordination in incident prevention, to prompt
rapid reaction to incidents, and to promote information sharing amongst its
members and the community at large.
- ----------------------------------------------------------------------------------
<End of UNIRAS Briefing>
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQCVAwUBRJZ0kYpao72zK539AQG5OAP9GIMEbBTlyNmhjpHxoEQOZPH/VEu5AOMH
lOKWHtDFRJ/GbkHkkle50GKLWUbbK4tFzOBPXW/6UdK/fM4NSeQY3gnCPcSH307/
UgBvICLNOzwqcbdOOVkAFtWMOmRHd72Er6yrLA0reDqgXvKvOQpqwg21kmliEfms
C4wC7hORfC4=
=dCN4
-----END PGP SIGNATURE-----
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________