Two remote code execution exploits that take advantage of vulnerabilities affecting Windows have been publicly released.
The first code targets a critical Windows Remote Access Connection Manager vulnerability (MS06-025) addressed last week. Microsoft Windows 2000 systems are primarily at risk from this exploit.
The second code exploits the recently disclosed Windows / Excel memory corruption (0day) and opens a command shell on port 4444 when a specially crafted link is clicked. Comments
FrSIRT Current Threat Level has been raised to ELEVATED (Level 2/4) ... We should expect to see active exploitation of these vulnerabilities in the wild within a few hours.
Published : 2006.06.22 - 11:12:55 UTC
FrSIRT noted developments for MS06-025 and revised their status from "Green" to "Yellow" overnight. The MS06-025 exploit impacts W/2000 users but not XP SP2 users. Hopefully, there won't be in-the-wild attacks as they are anticipating with the exploit code publicly released
Everyone should be on the latest security patches and avoid continue to avoid untrusted Excel documents until Microsoft patches these vulnerabilities.
Microsoft Windows Exploits Out - FrSIRT CTL™ Raised to Level 2
Microsoft Windows Routing and Remote Access Code Execution Issues (MS06-025)