US-CERT Cyber Security Alert SA06-167A -- Microsoft Excel Vulnerability

National Cyber Alert System

Cyber Security Alert SA06-167A

Microsoft Excel Vulnerability

Original release date: June 16, 2006
Last revised: --
Source: US-CERT

Systems Affected

Microsoft Excel 2003
Microsoft Excel XP (2002)
Microsoft Excel for Mac

Microsoft Excel is included in Microsoft Office. Other versions of Excel and other Office programs may also be affected.

Overview

A vulnerability in Microsoft Excel could allow an attacker to gain control of your computer.

Solution

Do not open untrusted Excel documents

At the time of writing, an update is not available. Do not open unfamiliar or unexpected Excel or other Office documents, including those received as email attachments or hosted on a web site. Please see US-CERT Cyber Security Tip ST04-010 for more information.

Description

An attacker could exploit a vulnerability in Microsoft Excel by convincing a user to open a specially crafted Excel document. The Excel document could be included as an email attachment or hosted on a web site. It may also be possible to exploit the vulnerability using Excel documents embedded in other Office documents.

For more technical information, see US-CERT Technical Alert TA06-167A.

References

US-CERT Technical Alert TA06-167A - <http://www.us-cert.gov/cas/techalerts/TA06-167A.html>

Vulnerability Note VU#802324 - <http://www.kb.cert.org/vuls/id/802324>

Cyber Security Tip ST04-010 - <http://www.us-cert.gov/cas/tips/ST04-010.html>

Microsoft Security Essentials - <http://www.microsoft.com/protect/>

Feedback can be directed to US-CERT.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

June 16, 2006: Initial release

Last updated February 11, 2008

US-CERT: United States Computer Emergency Readiness Team

Information For

Sign Up

Reporting