Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 

K. Brian Kelley - Databases, Infrastructure, and Security

IT Security, MySQL, Perl, SQL Server, and Windows technologies.

Excel Malformed File Vulnerability - Remote Code Execution

Today, Microsoft release a security advisory about a new vulnerability in Microsoft Excel. This one affects both PCs and Macs. The Microsoft Security Response Center blog has a post there as well. SecurityFocus has a bit more information, basically indicating Symantec is detecting files containing an exploit to the vulnerability as Trojan.Mdropper.AC.

Basically, the vulnerability is an attacker can create a malformed file which can then execute code on the system. That code will run in the context of the user opening the Excel document.

Thus far the indications from both Microsoft and Symantec is the attack is not very widespread. However, as with any attachment or download, make sure it's from someone or somewhere you trust and make sure it's expected before opening said file.

 

Comments

Posted by Anonymous on 6 March 2009

Microsoft's advance security bulletin has come out and it looks like they are planning on releasing

Leave a Comment

Please register or log in to leave a comment.