etms 0 Report post Posted June 22, 2006 Today the software Excel has one third makes found it. still he has not been available no makes it. The new vulnerability has been marked from SecurityTracker debiting some the discovery originates them Debasis Mohanty (which has published online the code of the proof-of-concept). The opening of rows Excel purposely created allows the execution of code from remote, opening therefore the system attacked to the malintenzionati incursions of external. Such rows come put to point inglobando the function ?Shockwave Flash Object? and the attack comes directly from Flash rows ?embedded?. Microsoft turns out to have been informed of the problem in date 3 May, little days before the modernization emergency salary. Accumulateing itself of the problematic ones around Microsoft Excel renders verosimile the hypothesis for which the next modernization of the 11 July will be concentrated particularly on the software for the calculation sheets. No attack turns out at the moment to have been recorded online in reference to this last one patch, but the notification of the code of exploit cannot that to render the problem particularly insidioso and to open the customers Microsoft Office to the danger. Before it makes notified it has had a partial resolution with the publication of a workaround in a position to temporary going around the arrival of an eventual attack. The joint action of three various problems does not seem but more aggirabile being with a simple one workaround and, in the event an imminent danger sopraggiungesse, Microsoft could eventually assume an participation anticipated (at the moment the not sussiste hypothesis in how much in similari cases completely in passed Microsoft is not taken part in absence of concrete imminent danger for the user Share this post Link to post Share on other sites