Tuesday, June 20, 2006

New MS Excel Vulnerability

PandaLabs has discovered a malicious code that takes advantage of an Excel vulnerability. This flaw causes an unknown error and could allow an attacker to download and run code.

To do this, the attacker sends the target user an Excel file that runs the exploit code and downloads a Trojan, detected as Trj/Downloader.JFN, which in turn tries to download another file.

This vulnerability can be used in the future to download any other executable file. As there is no documentation or security patch to fix this flaw, it is possible that other malicious code may appear in the next few days that takes advantage of this vulnerability.