IT-DISCUSS Archives

June 2006

IT-DISCUSS@LIST.UVM.EDU

Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Stefanie Ploof <[log in to unmask]>
Reply To:
Technology Discussion at UVM <[log in to unmask]>
Date:
Mon, 19 Jun 2006 09:51:50 -0400
Content-Type:
TEXT/PLAIN
Parts/Attachments:
TEXT/PLAIN (128 lines)
For our information.  Please note that at the time of publication of this
announcement there was not a solution to the vulnerability.

----
Stefanie Ploof
CIT Client Services
CALS Information Technology Office
University of Vermont, Burlington

---------- Forwarded message ----------
Date: Fri, 16 Jun 2006 21:08:03 -0400
From: US-CERT Alerts <[log in to unmask]>
To: [log in to unmask]
Subject: US-CERT Cyber Security Alert SA06-167A -- Microsoft Excel
    Vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                     National Cyber Alert System

                   Cyber Security Alert SA06-167A


Microsoft Excel Vulnerability

   Original release date: June 16, 2006
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Excel 2003
     * Microsoft Excel XP (2002)
     * Microsoft Excel for Mac

   Microsoft Excel is included in Microsoft Office. Other versions of
   Excel and other Office programs may also be affected.


Overview

     A vulnerability in Microsoft Excel could allow an attacker to
     gain control of your computer.


Solution

Do not open untrusted Excel documents

     At the time of writing, an update is not available. Do not open
     unfamiliar or unexpected Excel or other Office documents,
     including those received as email attachments or hosted on a web
     site. Please see US-CERT Cyber Security Tip ST04-010 for more
     information.


Description

     An attacker could exploit a vulnerability in Microsoft Excel by
     convincing a user to open a specially crafted Excel document. The
     Excel document could be included as an email attachment or hosted
     on a web site. It may also be possible to exploit the
     vulnerability using Excel documents embedded in other Office
     documents.

     For more technical information, see US-CERT Technical Alert
     TA06-167A.


References

     * US-CERT Technical Alert TA06-167A -
       <http://www.us-cert.gov/cas/techalerts/TA06-167A.html>

     * Vulnerability Note VU#802324 -
       <http://www.kb.cert.org/vuls/id/802324>

     * Cyber Security Tip ST04-010 -
       <http://www.us-cert.gov/cas/tips/ST04-010.html>

     * Microsoft Security Essentials -
       <http://www.microsoft.com/protect/>


 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA06-167A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT. Please send email to
   <[log in to unmask]> with "SA06-167A Feedback VU#802324" in the subject.
 ____________________________________________________________________

   Mailing list information:

     <http://www.us-cert.gov/cas/>
 ____________________________________________________________________

   Produced 2006 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________


Revision History

   June 16, 2006: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBRJNUrX0pj593lg50AQIAPgf/SXzcTDvGEWtQIroiEsiJxqnDVCCZAwLA
NCgpqxQpZiqgt2e2JLjQ63ha6SeXCI9kTUhqfMMbXaHpOvfeoVe/kyBgjoAoHR+Z
E/6ek0jIuF7k6tcuek/8BjnuOa9OgNFSDSGKjOeMoDzyaIeYNW5di/ccPhZPhCAF
1kkBXBmhNMy6fFma2d4DbuSCNQ6q+NvusCiXfBMLSlek1wUjBuI+9cEqrbk4Ft7d
olknWzo7voU8Vf4gQffOnMLQkZxSG/yGa4V8QprtBDOA99N2X0Dm0LEyuSDjwidk
OsL0uYeaC2qlHKHOyrTrSLAi9OugmVg9P/Swn7lDCwxCHZQs9FY33A==
=3BBe
-----END PGP SIGNATURE-----

ATOM RSS1 RSS2