two
Volume 4, Number 5 -- February 7, 2007

Another Zero-Day Vulnerability Hits Office

Published: February 7, 2007

by Alex Woodie

Another zero-day vulnerability in Office--the fifth since mid-December--has been discovered in Excel that could enable hackers to take complete control of affected Windows and Mac PCs. Attacks are underway, although they're not widespread. Microsoft says it's working on a patch.

Microsoft's Security Response Center says the security flaw is present in Office 2000, Office XP, Office 2003, and Office 2004 for Mac. To exploit the flaw, a victim must first be tricked into opening an infected file, sent via e-mail or downloaded off the Web. Currently, Excel seems to be the only way this flaw is being exploited, although Microsoft warns there could be other avenues of attack.

Hackers are using the flaw to install Trojans that give them a backdoor into victims' computers, says antivirus software vendor McAfee. Currently, malware exploiting the flaw, called Exploit-MSExcel.h, poses a low security risk, the vendor says.

This is the fifth zero-day exploit discovered in the last six weeks. According to eEye Digital Security's new Zero-Day Tracker, there are currently nine zero-day vulnerabilities that have yet to be patched by the vendor. All nine involve Microsoft products; four target MS-Word, three target Windows, one targets Internet Explorer, and one targets PowerPoint.

For more information on the new Excel zero-day vulnerability, see Microsoft Security Advisory 932553.


                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By
SWEETER THAN ME

Be Sweeter to Your Sweetheart

Indulge your sweetheart this Valentine's Day with cookies from Sweeter Than Me.
Our cookies are a extraordinary Valentine's treat for anyone special in your life.

Eating one of our cookies is no ordinary experience.
Every cookie is packed full of sweet and delicious confections.
Our menu includes a variety of delicious flavors from chocolate chunk classic
to pina colada paradise.

Place your order at sweeterthanme.com
or call 727-365-4337.
Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

Vision Solutions:  Get facts on managed availability and business continuity to eliminate downtime
Wolf Computer Consulting:  Reliable service and affordable rates for business computing needs
COMMON:  Join us at the Spring 2007 conference, April 29 - May 3, in Anaheim, California

 
The Four Hundred
IBM Upgrades System i5 Disk Controllers, Adds Enclosures

IBM and ISVs Launch VIP Program to Reinvigorate System i5 Sales

Sundry Other System i5 Announcements

The X Factor: One Socket to Rule Them All

The Linux Beacon
PA Semi Samples Homegrown Dual-Core Power Chip

Intel, AMD Push and Pull for X64 Market Share

VMware, XenSource Launch Virtualization Bundles

The X Factor: One Socket to Rule Them All

Four Hundred Stuff
RevSoft Pushes 'Lights On' Approach to Systems Automation

Oracle Cools on Fusion, Focuses on Current ERP

LogLogic Aims to Ease Log Data Crunch

Halcyon Updates Systems Management Tools

Big Iron
Platform Solutions v IBM: Estoppel, Old Show Key

Top Mainframe Stories From Around the Web

Chats, Webinars, Seminars, Shows, and Other Happenings

Four Hundred Guru
Finding the Last Transaction for a Customer

Sorting Arrays and Subfiles with a User Index

When Fix Central Won't Let You Download PTFs

System i PTF Guide
January 27, 2007: Volume 9, Number 4

January 20, 2007: Volume 9, Number 3

January 13, 2007: Volume 9, Number 2

January 6, 2007: Volume 9, Number 1

December 30, 2006: Volume 8, Number 50

December 23, 2006: Volume 8, Number 49

The Unix Guardian
AMD: Native Quad Core Opteron Will Best Intel Quasi Quads

IT Salaries Rise by 5.2 Percent in 2006, Dice Survey Says

IBM Bags System p5 Super Deals, But Is Power6 Slipping?

Ask TPM: The Economics of Open Source Software

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

THIS ISSUE SPONSORED BY:

OpenLogic
MKS
World Data Products
Lakeview Technology
Sweeter Than Me



TABLE OF CONTENTS
Microsoft Hits Snags in Anti-Piracy Net

AMD Delivers Faster and Cooler Rev F Opteron Chips

Microsoft Hypes the NAP, Unveils New Security Appliance

VMware, XenSource Launch Virtualization Bundles

But Wait, There's More:

IBM X-Force Says For-Profit Cyber Attacks to Increase in 2007 . . . Another Zero-Day Vulnerability Hits Office . . . File Format Translator Available for Open XML, ODF . . . Dell Fires CEO Rollins, Founder Takes the Reins Back . . . Intel, AMD Push and Pull for X64 Market Share . . . IBM Replaces Top X64 Server Exec . . .

The Windows Observer

BACK ISSUES





 
Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement