Forum latest

Excel vulnerable to zero-day attack
Written by Gizmo   
Tuesday, 06 February 2007 07:15
Microsoft have issued a security bulletin warning users of a "very limited" zero-day attack against Microsoft Excel.

Versions of Excel in Office 2000, XP, 2003, and Office for Mac 2004 are vulnerable to this attack.  Versions of Excel included in Office 2007 or Works 2004, 2005, or 2006 are NOT vulnerable.

The attack requires the user to open a carefully crafted malicious file.  Once the file has been opened, arbitrary code may be executed.  This attack may come via e-mail, malicious web page, or any other mechanism where there user can be tricked into opening the affected file.

The Microsoft security bulletin notes that while Excel is the current attack vector, other Office applications may also be affected.

There is currently no patch to address this issue, as Microsoft are still investigating it.  Users are advised not to open attachments in emails from unknown people, and to not open files from untrusted sources.  In addition, users of Office 2000 can download the Office Document Open Confirmation Tool, which will cause Office 2000 to request the user's permission before opening a document.

Comment in the forums!

Don't Click Here Don't Click Here Either