This vulnerability could not be exploited automatically through a Web-based attack scenario. An attacker would have to host a Web site that contains an Office file that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site.
Microsoft FAQ on the Excel security flaw.
A trojan, in the wild, that attacks a Microsoft product causing it to crash is deemed a "flaw".
An unreleased example of a trojan on a Mac that still requires the user to give the trojan an admin username and password in order to do its dirty work is reason to panic.
The vulnerability is caused due to a boundary error in hlink.dll within the handling of Hyperlinks in e.g. Excel documents. This can be exploited to cause a stack-based buffer overflow by tricking a user into clicking a specially crafted Hyperlink in a malicious Excel document.
Secunia Excel Security Report
This is not as serious a flaw for Mac OS X users. Unlike Windows, OS X does not permit execution of any executable from the buffer... so the most it can do is to crash Excel on a Mac.
If you want on or off the Mac Ping List, Freepmail me.
Is anyone else as peeved by this kind of stuff as I am? I've had serious issues trying to get data to people because of this idea of just blanket blocking of file types. It really pisses me off sometimes. A couple of times, the only way I could get data to a vendor that I needed to have them look at was to ftp it to them.
Microsoft malware is a plague.