January 17, 2008

New Security Hole Discovered in Excel

Microsoft Relevant Products/Services warned Tuesday that hackers are exploiting a vulnerability in numerous versions of Excel. Opening a malicious Excel document compromises the user's machine and allows hackers to execute remote code.

Microsoft said the risk is "limited" since the malicious code has not been widely disseminated. "At this time, we are aware only of targeted attacks that attempt to use this vulnerability," Microsoft Security Advisory 947563 said.

The vulnerability affects Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Microsoft Office Excel 2002, Microsoft Office Excel 2000 and Microsoft Excel 2004 for the Macintosh.

A web-based attack would require a hacker to host the malicious Excel file on a Web site and convince a victim to open it, Microsoft said.


No comments: