Thursday, January 17, 2008

Vulnerability in Microsoft Excel....

Danger MS OfficeA vulnerability was reported in Microsoft Excel. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create an Excel file with a specially crafted header that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.

All version of Excel are affected except Microsoft Office Excel 2007, Microsoft Excel 2008 for Mac, and Microsoft Office Excel 2003 Service Pack 3

Currently there is no solution available (at the time of this entry).

While pending for the availability of a patch, hackers and malware creator will be targeting IM and Emails actively during this period. I will advise users running older versions of Excel to avoid opening unfamiliar or unexpected email/IM attachments.

Related Reports:
- Microsoft Security Advisory (947563), Vulnerability in Microsoft Excel Could Allow Remote Code Execution

- Hackers go after Excel (The Register)

No comments: