Microsoft Excel - New Targeted attacks
F-Secure is warning of new targeted attack campaigns using Excel with versions from 2002-2007 potentially vulnerable. Please be careful in handling all unusual or unexpected attachments received by email.
Microsoft Excel - Be careful of new Targeted attacks
QUOTE: But here's a fresh set of attacks done with XLS files instead. This is some sort of personnel list. Like the other examples here, it drops and runs a backdoor when viewed. The exploit in these files targets Excel Pointer Offset Memory Corruption Vulnerability CVE-2009-3129. As you can see, such attack files can look like perfectly normal and credible document files.
QUOTE: Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."