Subject: | |
From: | |
Reply To: | |
Date: | Mon, 19 Jun 2006 09:51:50 -0400 |
Content-Type: | TEXT/PLAIN |
Parts/Attachments: |
|
|
For our information. Please note that at the time of publication of this
announcement there was not a solution to the vulnerability.
----
Stefanie Ploof
CIT Client Services
CALS Information Technology Office
University of Vermont, Burlington
---------- Forwarded message ----------
Date: Fri, 16 Jun 2006 21:08:03 -0400
From: US-CERT Alerts <[log in to unmask]>
To: [log in to unmask]
Subject: US-CERT Cyber Security Alert SA06-167A -- Microsoft Excel
Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Cyber Security Alert SA06-167A
Microsoft Excel Vulnerability
Original release date: June 16, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Excel 2003
* Microsoft Excel XP (2002)
* Microsoft Excel for Mac
Microsoft Excel is included in Microsoft Office. Other versions of
Excel and other Office programs may also be affected.
Overview
A vulnerability in Microsoft Excel could allow an attacker to
gain control of your computer.
Solution
Do not open untrusted Excel documents
At the time of writing, an update is not available. Do not open
unfamiliar or unexpected Excel or other Office documents,
including those received as email attachments or hosted on a web
site. Please see US-CERT Cyber Security Tip ST04-010 for more
information.
Description
An attacker could exploit a vulnerability in Microsoft Excel by
convincing a user to open a specially crafted Excel document. The
Excel document could be included as an email attachment or hosted
on a web site. It may also be possible to exploit the
vulnerability using Excel documents embedded in other Office
documents.
For more technical information, see US-CERT Technical Alert
TA06-167A.
References
* US-CERT Technical Alert TA06-167A -
<http://www.us-cert.gov/cas/techalerts/TA06-167A.html>
* Vulnerability Note VU#802324 -
<http://www.kb.cert.org/vuls/id/802324>
* Cyber Security Tip ST04-010 -
<http://www.us-cert.gov/cas/tips/ST04-010.html>
* Microsoft Security Essentials -
<http://www.microsoft.com/protect/>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA06-167A.html>
____________________________________________________________________
Feedback can be directed to US-CERT. Please send email to
<[log in to unmask]> with "SA06-167A Feedback VU#802324" in the subject.
____________________________________________________________________
Mailing list information:
<http://www.us-cert.gov/cas/>
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 16, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRJNUrX0pj593lg50AQIAPgf/SXzcTDvGEWtQIroiEsiJxqnDVCCZAwLA
NCgpqxQpZiqgt2e2JLjQ63ha6SeXCI9kTUhqfMMbXaHpOvfeoVe/kyBgjoAoHR+Z
E/6ek0jIuF7k6tcuek/8BjnuOa9OgNFSDSGKjOeMoDzyaIeYNW5di/ccPhZPhCAF
1kkBXBmhNMy6fFma2d4DbuSCNQ6q+NvusCiXfBMLSlek1wUjBuI+9cEqrbk4Ft7d
olknWzo7voU8Vf4gQffOnMLQkZxSG/yGa4V8QprtBDOA99N2X0Dm0LEyuSDjwidk
OsL0uYeaC2qlHKHOyrTrSLAi9OugmVg9P/Swn7lDCwxCHZQs9FY33A==
=3BBe
-----END PGP SIGNATURE-----
|
|
|