Microsoft announces Excel security flaw

By aodle56 at 7:50 pm on January 17, 2008Comments Off on Microsoft announces Excel security flaw

According to vnunet.com, Microsoft recently announced they are actively investigating a potetially serious security flaw that targets Microsoft Excel 2003 users. Apparently, attackers can place malicious code in the Excel document header that executes upon opening the document. Upon excecution, the attacker gains access to the user’s machine under the permissions of the current user.

In the mean time, Microsoft suggests downloading service pack 3 for Excel as they appear to be protected against the attack. In addition, they recommend not opening any attachments from an unknown sender.

 What I’m most interested in is, how does the attack work? Does anyone have any ideas how you could potentially gain access to someone’s computer through .xls headers? I read that the attack “corrupts system memory” giving the malicious user access to the remote machine. It sounds somewhat similar to our current project..

Filed under: Current EventsComments Off on Microsoft announces Excel security flaw

Comments are closed.