Microsoft patched only the most critical Excel flaw

A good starting point is this summary, published in the Internet Storm Center Diary back on 25th June:

CVE-2006-3059 aka “Excel Repair Mode”
Exploited by: Mdropper.G, Booli.A, Flux.E, Booli.B

CVE-2006-3086 aka “Long Hyperlink”
Exploited by: Urxcel.A, and three known public exploit code examples

CVE-2006-3014 aka “Shockwave vulnerability”
Exploited by proof of concept code Flemex.A
The workaround is a killbit

The exact wording from the ISC site is quoted because some of this information was sent by me.

Of the three critical Excel vulnerabilities disclosed within one week last month, only the first was patched with Tuesday’s updates. Microsoft uses the name ‘Malformed File Vulnerability’ for this case in its MS06-037 bulletin. Microsoft normally removes workarounds etc. from its security advisory after the security bulletin is released, so it is worth checking this SecuriTeam advisory for background information.

Because these issues were disclosed within a single week, Microsoft had enough time to fix all of them. But it fixed only the ‘Repair Mode’ issue, which was used in targeted attacks by Booli.A.

In fact, there is a fourth Excel issue as well. Information is included in my Excel 0-day FAQ document, see question #4. Readers not yet familiar with this Excel flaw, aka the “Nanika case”, should check CVE-2006-3431.

Microsoft’s bulletin, which also covers seven other vulnerabilities, listed no new information either. Or what can we learn from this section:

What does the update do?
The update removes the vulnerability by modifying the way that Excel validates the length of a record before it passes the message to the allocated buffer.

When there are a lot of security bulletins handling Office and Excel issues, it is easy to think that all recent code execution issues have been fixed. But this is not the situation. And we are not talking about confusion at all. We are talking about the facts and about protecting customers.


Published by


Security consultant from Finland
