Themes & Channels
Excel 0-Day flaw used in targeted attacks
By Jerome Saiz, Thu, January 17th, 2008
Microsoft admitted a 0-Day vulnerability in some version of its Excel software was being actively used to target specific enterprise. The flaw allows to compromise a user's PC upon opening a booby-trapped document.
This non-disclosed 0-Day vulnerability affects Microsoft Excel and is being actively used at this time in targeted attacks. Such operations are mounted to compromise a specific company, usually by sending a specially crafted booby-trapped document to a victim within the company. Specific names and a company-related context are often used to trick the victim into opening the document.
This vulnerability is reported in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for Mac. Recent versions (Office 2007, 2008 and 2003 SP3) are not vulnerable.
No technical details about this vulnerability are available at this time. Microsoft advice to not open untrusted Excel documents or, more realistically, to use its MOICE (Microsoft Office Isolated Conversion Environment) application. This free solution converts the binary format used by Excel in the safer Office Open XML format.
More about this news :
- Microsoft's official alert
- Microsoft Office Isolated Conversion Environment (MOICE)
Print this news
Into IAM ?
The IAM 2008 Series
SecurityNewsletter interviews major Identity & Access Management players to give you the lead on what IAM will be in 2008.