Information Technology News Microsoft admits to new Excel vulnerability | Microsoft admits to new Excel vulnerability |
|
|
|
| Written by Angus Kidman | |
| Tuesday, 06 February 2007 | |
|
The potential vulnerability, which affects the versions of Excel found in Office XP, Office 2003, Office 2000 and Office 2004 for Mac, could allow hackers to run any code they choose by placing a series of special characters inside an Excel file. Users would have to deliberately open a specially-crafted file to be impacted by the vulnerability. However, this is not a particularly difficult scenario to create, with a large number of high-profile malware attacks such as the recent 'Storm' virus using a combination of code concealed in a file and social engineering techniques designed to persuade users to open that file. In the security advisory outlining the problem, Microsoft said that while it believed the problem was limited to Excel, it was possible it could also impact other Office applications of the same vintage. Commonly used applications in Office include Word, Outlook and PowerPoint. The vulnerability does not affect the newly-released Office 2007.
Microsoft has come under increasing pressure in recent months over its security approach, which has emphasised a monthly 'Patch Tuesday' group of vulnerability fixes rather than releasing patches as quickly as possible.
Get stories like this delivered daily - FREE - subscribe now When you subscribe get a 12 months license for LiveProject Valued at $99 USD  Download the FREE iTWire desktop alert widget
  |
Tags
| < Prev | Next > |
|---|
Subscribe to iTWire's daily e-newsletter now and get a FREE 12 month license to project management software valued at $99 USD. 
