[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    New CVE number states Excel Style handling as a separate issue
From:       Juha-Matti Laurio <juha-matti.laurio () netti ! fi>
Date:       2006-07-11 0:01:03
Message-ID: 19726910.1299091152576064547.JavaMail.juha-matti.laurio () netti ! fi
[Download RAW message or body]

New CVE document
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3431

published recently confirms the information that Microsoft Excel Style handling \
vulnerability aka Nanika.xls issue is a separate vulnerability. This vulnerability \
mentioned affects only to Simplified Chinese, Traditional Chinese, Japanese and \
Korean versions of Excel.

This vulnerability (let's say 4th Excel vulnerability) uses Repair Mode too and user \
interaction is needed. This information has been updated to my First Microsoft Excel \
0-day Vulnerability FAQ document at SecuriTeam Blogs.

If fix to this vulnerability is included to monthly July updates from Microsoft it's \
expected that this CVE-2006-3431 is listed in the upcoming security bulletin to \
clarify the situation.

So-called 1st Excel code execution vulnerability reported in June is
http://www.microsoft.com/technet/security/advisory/921365.mspx
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059

- Juha-Matti


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic