来自微软和Symantec的最新消息,就在微软发布MS06-027补丁不到两天,一个最新的Execl漏洞再次被发现,Microsoft已经确认这个新漏洞。同时利用此漏洞的.xls文档也被截获,小陌提醒广大网友小心!
引用微软Mike Reavey的话:
We've received a single report from a customer being impacted by an attack using a new vulnerability in Microsoft Excel.
Here's what we know: In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an email attachment or otherwise provided to them by an attacker. (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited attachments from both known and unknown sources.
有漏洞的xls文档随着mail传播,文件名为okN.xls,Symantec将这个okN.xls命名为Trojan.Mdropper.J,释放一个叫Downloader.Booli.A,会下载Trojan-Spy.Win32.Flux.ae
2006.6.16 22:00更新:
确认受影响的Excel版本如下:
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office XP
2006.6.17 11:40更新:
Trend Micro: X97M_EMBED.AN
2006.6.20 13:10更新:
Trend Micro将X97M_EMBED.AN更名为TROJ_EMBED.AN
微软针对此漏洞发布安全建议:Microsoft Security Advisory (921365)
你可以使用这个链接引用该篇文章 http://publishblog.blogchina.com/blog/tb.b?diaryID=5248471