- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
Attackers are exploiting a vulnerability that lies within several versions of the Excel spreadsheet program, Microsoft warned late Tuesday.
The problem in Excel allows a hacker to create a malicious Excel document that when opened can compromise a computer, Microsoft said in an advisory. The vulnerability could allow remote code to be executed on a computer, which means a user risks having their personal data exposed.
Microsoft downplayed the risk, saying only targeted attacks have been seen. But since Microsoft Excel documents are commonly used for business, vulnerabilities such as this pose a greater risk.
"Users are familiar with the document being sent to them and are likely to open it," wrote security analyst Maarten Van Horenbeeck, in a commentary on the Web site for the SANS Internet Storm Center, which monitors Internet threats.
The vulnerability is within the Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and the Mac version, Microsoft Excel 2004.
Those who have installed Office Service Pack 3, which includes updates for Excel as well as other products in the office productivity suite, are not affected, Microsoft said. That service pack was released last September.
Also not affected are Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1 and Microsoft Excel 2008 for the Mac.
A PC user could be attacked a couple different ways. An e-mail with a malicious Excel attachment could be sent, upon which a user would have to download and open it to be exposed, Microsoft said. A hacker could also create a Web site hosting the file and try to persuade people to download it.
Microsoft did not indicate when it would issue a patch for the problem. People who think they may have been attacked can contact Microsoft and their national law enforcement agency.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (1)
Microsoft warns of new Excel vulnerabilityBy Microsoft Subnet on January 16, 2008, 11:29 amIt is amazing how well social engineering attacks will work. A malicious Excel spreadsheet sent from a trusted source by spoofing the e-mail address of that source...
Reply | Read entire comment
View all comments