In association with heise online

28 August 2007, 17:28

Excel and VML bug demos could end up in malware tools

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security service provider Secure Computing warns users of web pages and e-mails that might exploit vulnerabilities in Microsoft’s Excel tool and the Vector Markup Language (VML) to inject malicious code on a victim’s system. The company has detected demo programs that exploit the vulnerabilities fixed by Microsoft with its August Patchday releases.

The service provider assumes that the demo code exploiting the vulnerabilities in the VML component will soon find its way into automatic web attack toolkits such as MPack. Web pages in Internet Explorer can automatically exploit this hole on unpatched systems. To exploit the Excel vulnerability, the user must open an infected document, such as e-mail attachments.

To protect themselves, users should install the updates provided by Microsoft about two weeks ago and then restart their systems. More information, for instance, on the safe handling of e-mails, can be found on the anti-virus pages of heise Security.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit