Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: New, Unpatched Office Vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
New, Unpatched Office Vulnerability
Microsoft has released an advisory for a remote code execution vulnerability in Microsoft Office.  It is currently being reported to target  only Microsoft Excel at this point.  However according to Microsoft's advisory:  "While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable."  It has a CVE entry of CVE-2007-0671, although I could not find it in the database at this time and there is very limited information available.  The advisory applies to the following products:

Office 2000
Office XP
Office 2003
Office 2004 for Mac
Office 2004 v. X for Mac

Just keep reminding folks to exercise caution when opening attachments received via email or documents found on the internet. 

165 Posts
ISC Handler
Feb 3rd 2007

Sign Up for Free or Log In to start participating in the conversation!