Michael R. Farnum

Hitting the Security Nerve

New Excel 0-day being exploited

TAGS:Excel, mdropper, Microsoft, Symantec, zero day
IT TOPICS:Cybercrime & Hacking, Security

Symantec is reporting that there is an exploit in the wild for an Excel 2007 and Excel 2007 SP1 zero-day remote code execution vulnerability (other versions may be affected as well). There's not a lot of publicly available information about the trojan or the vulnerability. Symantec is saying that the vulnerability is being exploited by a variant of the Mdropper trojan, which they are calling Trojan.Mdropper.AC. There are no patches for this yet (which is part of the definition for 0-day, so duh).

SecurityFocus says the following about how you can be affected:

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Basically this means just to be careful about Excel files you open. If you don't trust the source, don't open it.

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Hacked memo leaked: Apple, Nokia, RIM supply backdoors for gov't intercept?

AntiSec leaks Symantec pcAnywhere source code after $50k extortion not paid

Android Market security: An interview with Android's VP of engineering

Microsoft's opposition to SOPA is solid and sincere, not half-hearted

Today's Top Stories

Essential browser tools for Web developers

Hands on: The new iPad

Microsoft cuts the prices of some Office 365 plans

Google works to overhaul its search

Mozilla will start Firefox silent updates in June

Preston Gralla: Big backlash is building against Windows 8. Will Microsoft listen?

Hot Posts

Google wins again vs. Oracle: No patent probs.

Posted by IT Blogwatch |

Apple iPhone 5 -- fresh reports claim 4-inch display

Posted by Jonny Evans |

London's flying cameras spy shoelaces nearly a mile away; Will drones in the USA?

Posted by Darlene Storm |

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Cybercrime and Hacking White Papers

Application Security Services - Government and Cyber Security: U.S. Public Sector Application Security Services bridge the gap between traditional application development processes and techniques, and the requisite security mechanisms needed to...
HP Cybersecurity Offerings: HP has been in the security business since our inception, providing critical security services to clients at every level of government and Fortune...
Streamline Compliance and Increase ROI: Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will...

Cybercrime and Hacking Webcasts

WikiLeaks: How am I Affected?: The latest WikiLeaks episode has raised questions about how organizations and governments protect their sensitive information. While this incident was isolated, it has...
Analytics Without Limits: The Latest on Oracle Exalytics In-Memory Machine and Oracle Business Intelligence: Analytics at the Speed of Thought

What if you could run financial and operational planning cycles 10 times faster? Or monitor and adjust...
EMC and VMware Solution Track: The EMC and VMware Solution Track is a single destination for the most up-to-date resources on how EMC can enhance, extend and accelerate...

IT Newsletters

Get the latest technology news and analysis on critical issues in the enterprise.

New Excel 0-day being exploited

Related Posts

Today's Top Stories

Hot Posts

Michael R. Farnum's Archive

IT Topics