Microsoft has received a report of a new 0-day vulnerability involving Excel. They are currently investigating this issue and will issue more information on workarounds as it becomes available. They are currently blogging about it at http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx so check that site for more information as it becomes available.
In the meantime, we continue to recommend the same defenses we recommended with the Word 0-day from last month located at http://isc.sans.org/diary.php?storyid=1347. These very general best practices should help alleviate the danger until Microsoft releases a patch or more specific workarounds.
Update - We've recieved reports (Thanks Juha-Matti) that Symantec is detecting this attack.
Trojan.Mdropper.J is the detection for the malicious .xls which uses the 0-day exploit to drop Downloader.Booli.A.
The Symantec website also reports ..
Downloader.Booli.A may arrive on the compromised computer, dropped by Trojan.Mdropper.J, with the following name:
We'll pass on more information as we receive it.
Jun 16th 2006
1 decade ago