Hello again,
I say this a little bit in jest but thanks to Clint (and now
I see Peter is
also in the Secunia parade), I'm being introduced into a
whole new "world of
worry" ... as though life doesn't throw any other
curve balls at people. In
fact, I now boodmarked <http://secunia.com/>
which is telling me I have to
be careful with Instant Messenger (which I use with my
grandchildren; a
program very popular with kids), and my MSOffice 2000, which
this last
posting says is also in trouble.
Life's been good to me; I don't have problems. What am I
supposed to do now,
look foe them? Again, no offense meant to anyone; both Clint
and Peter are
heads and shoulders above the average people I know and
contribute mucho to
helping others. It's just that there's a bit of irony in
these reports in
that I enjoy a life with minimum stress and Secunia has
other plans for
me. --- Harold
>
> TITLE:
> Microsoft Office Long Link Buffer Overflow
Vulnerability
> SECUNIA ADVISORY ID:
> SA20748
> RELEASE DATE:
> 2006-06-20
> VERIFY ADVISORY:
> http://secunia.c
om/advisories/20748/
> CRITICAL:
> Highly critical
> WHERE:
> From remote
> IMPACT:
> System access
> SOFTWARE:
> Microsoft Excel 2000
> Microsoft Office 2000
<SNIP>
> DESCRIPTION:
> kcope has discovered a vulnerability in Microsoft
Excel, which can be
> exploited by malicious people to compromise a
vulnerable system. The
> vulnerability is caused due to a boundary error in
hlink.dll within the
> handling of Hyperlinks in e.g. Excel documents. This
can be exploited to
> cause a stack-based buffer overflow by tricking a user
into clicking a
> specially crafted Hyperlink in a malicious Excel
document. Successful
> exploitation allows execution of arbitrary code. The
vulnerability has
> been confirmed in Microsoft Excel 2003 SP2 (fully
updated). Other versions
> and Office products may also be affected.
> NOTE: Secunia is currently not aware of this
vulnerability being actively
> exploited and working exploit code is not currently
publicly available.
> However, the vulnerability is quite simple to exploit
and it is therefore
> likely that exploit code is published soon.
> SOLUTION:
> Do not open untrusted Microsoft Office documents.
> Do not follow links in Microsoft Office documents.
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|