Unpatched Excel Vulnerabilities - Latest news
The ISC has a good summary today of in-the-wild and POC exploits associated with the 3 areas of risk. These are not prevelent in the wild and staying up-to-date on AV protection will help. Most importantly, avoid all untrusted documents or URLs in email.
QUOTE: To help clearly identify the issues, exploit code and remedy related to the recently announce Excel vulnerabilities, I offer this humble correlation. This information comes from Microsoft, Mitre, and vigilant readers sending in tips. My thanks go to all.
CVE-2006-3059 aka "Excel Repair Mode"
Exploited by: Mdropper.G, Booli.A, Flux.E, Booli.B
CVE-2006-3086 aka "Long Hyperlink"
Exploited by: Urxcel.A, and three known public exploit code examples
CVE-2006-3014 aka "Shockwave vulnerability"
Exploited by proof of concept code Flemex.A ... The workaround is a killbit