N/A

Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC.

N/A

N/A

Microsoft Excel无效对象引用代码执行漏洞

Excel是微软Office套件中的电子表格工具。 如果用户使用Excel打开了畸形的.xls文档的话，就可能会引用无效的对象，导致以当前登录用户的权限执行任意代码。目前这个漏洞正在被名为Trojan.Mdropper.AC的木马积极的利用。当木马运行时，会在系统留下以下文件： %Temp%\rundll.exe 之后木马试图从以下位置下载更多的文件： [http://]61.59.24.55/sb.php?id=[19个随机ASCII字符] [http://]61.59.24.45/sb.php?id=

N/A

N/A