Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Business Intelligence

Servers & Data Center

Computerworld Reports

Case Study Library

Industry

This Week in Print

Print Subscriptions

See your link here

Michael R. Farnum

Hitting the Security Nerve

More posts | Read bio

February 23, 2009 - 10:45 P.M.

New Excel 0-day being exploited

TAGS:Excel, mdropper, Microsoft, Symantec, zero day
IT TOPICS:Cybercrime & Hacking, Security

Symantec is reporting that there is an exploit in the wild for an Excel 2007 and Excel 2007 SP1 zero-day remote code execution vulnerability (other versions may be affected as well). There's not a lot of publicly available information about the trojan or the vulnerability. Symantec is saying that the vulnerability is being exploited by a variant of the Mdropper trojan, which they are calling Trojan.Mdropper.AC. There are no patches for this yet (which is part of the definition for 0-day, so duh).

SecurityFocus says the following about how you can be affected:

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will result in a denial-of-service condition.

Basically this means just to be careful about Excel files you open. If you don't trust the source, don't open it.

Reply

Print

Reply

Related Posts

Testing Microsoft Security Essentials and the Hosts file

Microsoft Security Essentials is here; download it if you dare

It's time to get rid of Windows

Report: Microsoft Bing benefits from illegal pharmaceutical sales

Today's Top Stories

IE9 to tap hardware to boost performance

Free Web apps to help organize your holidays

Report: Microsoft may pay News Corp. to delist from Google

KT to sell iPhone in South Korea

New attack fells Internet Explorer

Google's Chrome OS hits BitTorrent

Hot Posts

Ubuntu's Canonical and Google partner to create Chrome

Posted by Steven J. Vaughan-Nichols | 91 comments

Five ways to improve Microsoft Office 2010

Posted by Preston Gralla | 9 comments

Google Phone is actually a VoIP phone?

Posted by Seth Weintraub | 7 comments

Recent Comments

Please explain...47 min 36 sec ago

Seriously?...2 hours 2 min ago

Yes of course! ...2 hours 24 min ago

White Papers & Webcasts

Mastering eDiscovery: The IT Manager's Guide to Preservation, Protection & Production
Get this paper now!

Extending Client Refresh - 11 Steps to Maximize Savings
Register Now!

Not Just Words: Enforce Your Email and Web Acceptable Usage Policies
Get this paper now!

Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!

Email Archiving: A Business-Critical Application
Get this paper now!

Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!

All White Papers | All Webcasts

Computerworld Reports

8 Questions To Ask About Your Intrusion-Security Solution

Computerworld Technology Briefings IT Service Management

Computerworld Briefing - Analytics: The Art and Science of Better

All Computerworld Reports

Sign up to receive updates on the latest Security resources

Receive the latest technology news and information.

	Computerworld Daily News (First Look and Wrap-Up)
	Computerworld Blogs Newsletter
	The Weekly Top 10

View all newsletters

* E-mail Address:

* Industry:

* Job Title:

* Company Size:

* Country:

* State:

I would like to receive offers via e-mail from Computerworld partners.

Michael R. Farnum's Archive

IT Topics

Sponsored Links

Play NetApp's New Data Defense Game.

Return on Information: Google Enterprise Search pays you back. Get the facts.

How Do You Rank as an Innovation Leader? Download Recent Study.

See how AT&T can help protect your network.

3 Innovations. 3 Free Downloads. Free trials of Windows 7, Windows Server 2008 R2 and Exchange Server 2010.

Citrix NetScaler with nCore Outperforms F5 BIG-IP - Learn More

64-page prescriptive guide to security, compliance, and IT operations.

Streamline IT Costs. Boost Performance with WAN Optimization

Enterprise Network & Server Monitoring Software. Cross over to Traverse...

Increase UPS efficiency without sacrificing protection

Crystal Reports Server: Single server access to reports & dashboards

Create new opportunities. See business making progress now

ESET NOD32 with ThreatSense(R) - Get your free trial now!

Looking to add Unix/Linux functionality to Windows?

Join the conversation about the hottest IT trends with Computerworld on Twitter.

ITwhitepapers.com - Access thousands of white papers on 300+ technical topics.

Leverage Your Cisco infrastructure for Superior Application Performance

Learn about the AMD Virtual Experience

Introducing: Project Icebreaker

Stay informed with custom newsletters from Tech Dispenser

New DW Options and Price Points. View Teradata Platform Family Data Sheet.

To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial

Play NetApp's New Data Defense Game.

Take the Netezza TwinFin TestDrive!

NetScaler VPX : Harness the Power of Virtualized Web App Delivery

Get more enterprise mobility value for up to 25% less.

Unified Communications: Thoughts, Strategies and Predictions. Join the discussion.

NYUs M.S. in Management and Systems. Offered Online and On-site.

Crystal Reports Server: More options. Not more money.

Parallelism is not just for HPC. Create rich apps from desktop to device. Get the eval.

Tolly Performance Report "Citrix NetScaler with nCore Outperforms F5 BIG-IP"

Save up to 61% plus Free Cheesecake

Find IT jobs in the Healthcare industry on Dice.com

With the NEW KODAK i700 Series Scanners get full speed at 300dpi!

Not All QSAs Are Created Equal: What You Should Know Before You Buy

The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability

The AMD Virtual Experience Virtual Trade Show

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map

CIO

CSO

DEMO

IDC

IDG

IDG Knowledge Hub

IDG TechNetwork

IDG Ventures

IDG.net

InfoWorld

ITworld

Macworld

The Industry Standard

Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of
Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.