Microsoft Excel 0-day Code Execution Vulnerability Exploited In The Wild
SecurityFocus reports a new vulnerability in Microsoft Excel, MS Excel 2007 SP1 and SP2 are vulnerable, other versions may also be affected. Excel is prone to an unspecified remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.
Symantec has detected active in-the-wild exploit attempts and detects this issue as ‘Trojan.Mdropper.AC‘. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. The Trojan drops the file %Temp%rundll.exe and then it may attempt to download more files on to the compromised computer from the following locations:
[http://]61.59.24.55/sb.php?id=[19 RANDOM ASCII CHARACTERS]
[http://]61.59.24.45/sb.php?id=[19 RANDOM ASCII CHARACTERS]
[http://]61.221.40.63/sb.php?id=[19 RANDOM ASCII CHARACTERS]
Failed exploit attempts will result in a denial-of-service condition.
Currently there are no vendor-supplied patches and no known workarounds. As usual, users should not open anything that looks like an Excel document from sources that can not be fully verified.
Update: Microsoft has confirmed that the code execution vulnerability in Excel is real and provided recommendations on how to avoid being compromised by the vulnerability until a patch is available.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.