[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: New CVE number states Excel Style handling as a separate issue
From: Juha-Matti Laurio <juha-matti.laurio () netti ! fi>
Date: 2006-07-11 0:01:03
Message-ID: 19726910.1299091152576064547.JavaMail.juha-matti.laurio () netti ! fi
[Download RAW message or body]
New CVE document
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3431
published recently confirms the information that Microsoft Excel Style handling \
vulnerability aka Nanika.xls issue is a separate vulnerability. This vulnerability \
mentioned affects only to Simplified Chinese, Traditional Chinese, Japanese and \
Korean versions of Excel.
This vulnerability (let's say 4th Excel vulnerability) uses Repair Mode too and user \
interaction is needed. This information has been updated to my First Microsoft Excel \
0-day Vulnerability FAQ document at SecuriTeam Blogs.
If fix to this vulnerability is included to monthly July updates from Microsoft it's \
expected that this CVE-2006-3431 is listed in the upcoming security bulletin to \
clarify the situation.
So-called 1st Excel code execution vulnerability reported in June is
http://www.microsoft.com/technet/security/advisory/921365.mspx
and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059
- Juha-Matti
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic