This is an exploit for the microsoft hlink.dll buffer overflow which
is used while handling hyperlinks in microsoft office. The related
MSRC blog entry is located here
On 6/23/06, Steven M. Christey <coley (at) mitre (dot) org [email concealed]> wrote:
>
> > * Advisories:
> > * http://www.microsoft.com/technet/security/advisory/921365.mspx
> > * http://www.securityfocus.com/bid/18422/
>
> There are at least three separate Excel issues that were published in
> the past week. These references suggest that it's the "zero-day"
> exploit from last Friday (CVE-2006-3059).
>
> However, the Microsoft blog and CERT advisories do not provide any
> details about that issue, not even about the bug type.
>
> So, it's not clear to me whether this is really an exploit for last
> Friday's zero-day, or if this is actually a brand new vulnerability.
>
> Any clarification would be appreciated.
>
> - Steve
>
is used while handling hyperlinks in microsoft office. The related
MSRC blog entry is located here
http://blogs.technet.com/msrc/archive/2006/06/20/437826.aspx
On 6/23/06, Steven M. Christey <coley (at) mitre (dot) org [email concealed]> wrote:
>
> > * Advisories:
> > * http://www.microsoft.com/technet/security/advisory/921365.mspx
> > * http://www.securityfocus.com/bid/18422/
>
> There are at least three separate Excel issues that were published in
> the past week. These references suggest that it's the "zero-day"
> exploit from last Friday (CVE-2006-3059).
>
> However, the Microsoft blog and CERT advisories do not provide any
> details about that issue, not even about the bug type.
>
> So, it's not clear to me whether this is really an exploit for last
> Friday's zero-day, or if this is actually a brand new vulnerability.
>
> Any clarification would be appreciated.
>
> - Steve
>
[ reply ]