SDA India is an online resource for Software, Development,IT, Architecture, Open Source, Mobile, Security, Databases, Delphi, C, OS, Asp, .Net, Php, Xml, Java
From the News Desk
Thursday, 17. January 2008
Windows and Mac Users Hit With Excel Vulnerability
Microsoft this week warned Windows and Mac users that cyber attackers are remotely exploiting a flaw in Excel to take over computers.
The problem in Excel allows a hacker to create a malicious Excel document that when opened can compromise a computer, Microsoft said in an advisory. The vulnerability could allow remote code to be executed on a computer, which means a user risks having their personal data exposed.
The issue exists in Excel versions 2003 with Service Pack 2, Viewer 2003, 2002 and 2000 for Windows, as well as Excel 2004 for Mac.
Those who have installed Office Service Pack 3, which includes updates for Excel as well as other products in the office productivity suite, are not affected, Microsoft said. That service pack was released last September. Also not affected are Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1 and Microsoft Excel 2008 for the Mac.
The issue can be exploited via email or a specially crafted website. For a message-based attack, a victim would have to open an Excel attachment, while a web-based scenario exposes the user to exploitation from sites that feature user-created content, according to Microsoft, which urged users to employ the Office Isolated Conversion Environment or Office File Block Policy, if available, to view messages.
Both Microsoft and US-CERT, part of the national cyber security division at the Department of Homeland Security, recommend that Microsoft Office users not open unexpected e-mail messages with attachments or messages from unfamiliar sources.
Microsoft did not indicate when it would issue a patch for the problem.
The problem in Excel allows a hacker to create a malicious Excel document that when opened can compromise a computer, Microsoft said in an advisory. The vulnerability could allow remote code to be executed on a computer, which means a user risks having their personal data exposed.
The issue exists in Excel versions 2003 with Service Pack 2, Viewer 2003, 2002 and 2000 for Windows, as well as Excel 2004 for Mac.
Those who have installed Office Service Pack 3, which includes updates for Excel as well as other products in the office productivity suite, are not affected, Microsoft said. That service pack was released last September. Also not affected are Microsoft Office Excel 2007, Microsoft Office Excel 2007 Service Pack 1 and Microsoft Excel 2008 for the Mac.
The issue can be exploited via email or a specially crafted website. For a message-based attack, a victim would have to open an Excel attachment, while a web-based scenario exposes the user to exploitation from sites that feature user-created content, according to Microsoft, which urged users to employ the Office Isolated Conversion Environment or Office File Block Policy, if available, to view messages.
Both Microsoft and US-CERT, part of the national cyber security division at the Department of Homeland Security, recommend that Microsoft Office users not open unexpected e-mail messages with attachments or messages from unfamiliar sources.
Microsoft did not indicate when it would issue a patch for the problem.
