Microsoft Office and Excel Vulnerabilities

Systems Affected

• Microsoft Office for Windows and Mac OS X
• Microsoft Excel for Windows and Mac OS X
• Microsoft Works Suite for Windows

Overview

There are critical vulnerabilities in Microsoft Office and Excel that may allow an attacker to take control of your computer.

Solution

Apply Updates

Microsoft has provided updates to remedy these vulnerabilities. To obtain the update, visit the Microsoft Update web site. US-CERT also recommends enabling Automatic Updates.

Description

There are critical vulnerabilities in some features of Microsoft Office and Excel. If an attacker can convince you to open a malicious Office file, he or she may be able to take control of your computer or cause it to crash. Microsoft Security Bulletins for March 2006 provides updates that address these vulnerabilities. For more technical information, see US-CERT Technical Cyber Security Alert TA06-073A.

References

• US-CERT Technical Cyber Security Alert TA06-073A.html - <http://www.us-cert.gov/cas/techalerts/TA06-073A.html>
• US-CERT Vulnerability Note VU#339878 - <http://www.kb.cert.org/vuls/id/339878>
• US-CERT Vulnerability Note VU#104302 - <http://www.kb.cert.org/vuls/id/104302>
• US-CERT Vulnerability Note VU#123222 - <http://www.kb.cert.org/vuls/id/123222>
• US-CERT Vulnerability Note VU#235774 - <http://www.kb.cert.org/vuls/id/235774>
• US-CERT Vulnerability Note VU#642428 - <http://www.kb.cert.org/vuls/id/642428>
• US-CERT Vulnerability Note VU#682820 - <http://www.kb.cert.org/vuls/id/682820>
• Microsoft Security Bulletin Summary for March 2006 - <http://www.microsoft.com/technet/security/bulletin/ms06-mar.mspx>
• Microsoft Update - <https://update.microsoft.com/microsoftupdate/>
• Security Essentials - <http://www.microsoft.com/athome/security/protect/default.aspx>

Feedback can be directed to the US-CERT Technical Staff.

Produced 2006 by US-CERT, a government organization. Terms of use

Revision History

March 10, 2006: Initial release