Excel and VML bug demos could end up in malware tools
Security service provider Secure Computing warns users of web pages and e-mails that might exploit vulnerabilities in Microsoft’s Excel tool and the Vector Markup Language (VML) to inject malicious code on a victim’s system. The company has detected demo programs that exploit the vulnerabilities fixed by Microsoft with its August Patchday releases.
The service provider assumes that the demo code exploiting the vulnerabilities in the VML component will soon find its way into automatic web attack toolkits such as MPack. Web pages in Internet Explorer can automatically exploit this hole on unpatched systems. To exploit the Excel vulnerability, the user must open an infected document, such as e-mail attachments.
To protect themselves, users should install the updates provided by Microsoft about two weeks ago and then restart their systems. More information, for instance, on the safe handling of e-mails, can be found on the anti-virus pages of heise Security.
- Patchday Tuesday: 15 down, heise Security news
- More details on MPack web attack toolkit, heise Security news