Well as of my last count, we have three 0-day vulnerabilities
for MS Excel. They’ll be detected as the following:

TROJ_SASHDOWN.A
TROJ_URXCEL.A
TROJ_EMBED.AN.

Here’s a brief description of this new vulnerability:

Malicious Flash files with explicit java scripts
can be embedded within excel spreadsheets using a “Shockwave Flash
Object” which can be made to run once the file is opened by the
user. It doesn’t require user’s intervention to activate the object
rather it runs automatically once the file is opened.


An attacker can use excel as a container to spread malicious flash
files which will execute once the excel file is opened by the user.
For more details refer the PoC below.


Note: The same flash file does not directly run when it is
*inserted* into the excel file as *objects*. However if it is
embedded using “Shockwave Flash Object”, it plays *on load* of the
excel file. Here there is no user intervention required to trigger
the flash file. It automatically plays once the excel file is
opened.

These are all detected using the latest control pattern release
however no generic patterns have been created yet. I beleive this
will still depend on the assessment by the research team regarding
excel headers.