Hello again,
I say this a little bit in jest but thanks to Clint (and now I see Peter is
also in the Secunia parade), I'm being introduced into a whole new "world of
worry" ... as though life doesn't throw any other curve balls at people. In
fact, I now boodmarked <http://secunia.com/> which is telling me I have to
be careful with Instant Messenger (which I use with my grandchildren; a
program very popular with kids), and my MSOffice 2000, which this last
posting says is also in trouble.
Life's been good to me; I don't have problems. What am I supposed to do now,
look foe them? Again, no offense meant to anyone; both Clint and Peter are
heads and shoulders above the average people I know and contribute mucho to
helping others. It's just that there's a bit of irony in these reports in
that I enjoy a life with minimum stress and Secunia has other plans for
me. --- Harold
TITLE:
Microsoft Office Long Link Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA20748
RELEASE DATE:
2006-06-20
VERIFY ADVISORY:
http://secunia.com/advisories/20748/
CRITICAL:
Highly critical
WHERE:
From remote
IMPACT:
System access
SOFTWARE:
Microsoft Excel 2000
Microsoft Office 2000
<SNIP>
DESCRIPTION:
kcope has discovered a vulnerability in Microsoft Excel, which can be
exploited by malicious people to compromise a vulnerable system. The
vulnerability is caused due to a boundary error in hlink.dll within the
handling of Hyperlinks in e.g. Excel documents. This can be exploited to
cause a stack-based buffer overflow by tricking a user into clicking a
specially crafted Hyperlink in a malicious Excel document. Successful
exploitation allows execution of arbitrary code. The vulnerability has
been confirmed in Microsoft Excel 2003 SP2 (fully updated). Other versions
and Office products may also be affected.
NOTE: Secunia is currently not aware of this vulnerability being actively
exploited and working exploit code is not currently publicly available.
However, the vulnerability is quite simple to exploit and it is therefore
likely that exploit code is published soon.
SOLUTION:
Do not open untrusted Microsoft Office documents.
Do not follow links in Microsoft Office documents.
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
