• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Excel Unspecified Remote Code Execution Vulnerability

Microsoft Excel is prone to an unspecified remote code-execution vulnerability. Insufficient details are currently available to elaborate further.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of targeted users.

Attackers are actively exploiting this vulnerability in targeted attacks and to install malicious software.

Note that Microsoft Office applications include functionality to embed Office files as objects contained in other Office files. As an example, Microsoft Word files may contain embedded malicious Microsoft Excel files, making Word documents another possible attack vector.

The proof-of-concept file 'Nanika.xls' was originally thought to be related to this issue; however, reports indicate that 'Nanika.xls' triggers a different vulnerability. BID 18872 (Microsoft Excel Style Handling and Repair Remote Code Execution Vulnerability) has been created for the new issue.