Published: 2006-06-17T03:13+00:00
Last Updated: 2006-07-17T20:35+00:00
TRTA06-167A
Microsoft Excel Vulnerability
Overview
An unspecified vulnerability in Microsoft Excel could allow an attacker to execute arbitrary code on a vulnerable system.
Event Information
| Date (UTC) | Description |
| 2006-07-11 |
Microsoft MS06-037: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285) Vulnerability Fixed (CVE-2006-1301, CVE-2006-1302, CVE-2006-1304, CVE-2006-1306, CVE-2006-1308, CVE-2006-1309, CVE-2006-2388, CVE-2006-3059) |
| 2006-06-27 22:30 |
Full-disclosure [Full-disclosure] "Microsoft Office Excel 2003" Hlink Stack/SEH Overflow Exploit a proof-of-concept code for this vulnerability |
| 2006-06-23 05:59 |
JPCERT/CC JPCERT-AT-2006-0009: Microsoft Excel Vulnerabilities |
| 2006-06-22 04:40 |
Full-disclosure [Full-disclosure] MS Excel Remote Code Execution POC Exploit a proof-of-concept code for this vulnerability (CVE-2006-3059) #Cid: 18500.c #Tested: Excel 2000 on Windows XP SP1 #Tested: Excel 2000 on Windows 2000 SP4 |
| 2006-06-22 |
US-CERT Public Exploit Code for Unpatched Vulnerability in MS Office Hyperlink Object Library Vulnerability(CVE-2006-3086,VU#394444) US-CERT is aware of publicly available exploit code for an unpatched buffer overflow vulnerability in Microsoft Hyperlink Object Library (HLINK.DLL). By persuading a user to access a specially crafted hyperlink in an email message or MS Office document, a remote attacker may be able to execute arbitrary code with the privileges of the user. |
| 2006-06-20 17:17 |
Full-disclosure [Full-disclosure] Microsoft Excel File Embedded Shockwave Flash Object Exploit a proof-of-concept code for this vulnerability (CVE-2006-3014) #Cid: xls-embed-swf-expl.zip |
| 2006-06-20 16:05 |
SANS Internet Storm Center New Excel 0day (Are we evolving or going in circles?) Today there is news of another 0day vulnerability in Microsoft Office. |
| 2006-06-20 11:17 |
Microsoft Security Response Center Blog Information on Proof of Concept posting about hlink.dll I wanted to give you some information about the recent posting of proof of concept PERL script that claims to demonstrate a vulnerability in Excel's processing of long links. As soon as we received these reports we immediately began an investigation into the posting. I wanted to let you know information we have based on that investigation. First, I want to be clear that this proof of concept code and not an attack. We're not aware of any attacks based on this code based on our work with our Microsoft Security Response Alliance partners. Second, our investigation so far has shown that while the posting claims this is a vulnerability in Excel, it actually is a vulnerability in hlink.dll which is a Windows component that handles operations involving hyperlinks. (snip) |
| 2006-06-20 06:33 |
Trend Micro TROJ_EMBED.AN |
| 2006-06-19 |
Microsoft Microsoft Security Advisory (921365): Vulnerability in Excel Could Allow Remote Code Execution Via Microsoft Mailing List |
| 2006-06-18 20:50 |
Full-disclosure [Full-disclosure] ***ULTRALAME*** Microsoft Excel Unicode Overflow ***ULTRALAME*** a proof-of-concept code for this vulnerability (CVE-2006-3086) #Cid: excelsexywarez.pl |
| 2006-06-17 00:58 |
US-CERT TA06-167A: Microsoft Excel Vulnerability Via US-CERT Mailing List |
| 2006-06-16 17:16 |
SANS Internet Storm Center Reports of Excel 0-Day Microsoft has received a report of a new 0-day vulnerability involving Excel. |
| 2006-06-16 12:09 |
Microsoft Security Response Center Blog Reports of a new vulnerability in Microsoft Excel We've received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel. |
| 2006-06-16 |
US-CERT Active Exploitation of a Vulnerability in Microsoft Excel US-CERT is aware of active exploitation of a new vulnerability in Microsoft Excel. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the user running Excel. |
| 2006-06-14 |
Symantec Trojan.Mdropper.J Trojan.Mdropper.J is a Trojan horse that drops Downloader.Booli.A on the compromised computer. It exploits an undocumented vulnerability in Microsoft Excel. |