http://www.sqlservercentral.com/blogs/brian_kelley/2009/02/24/excel-malformed-file-vulnerability-remote-code-execution/

Printed 2014/08/27 11:13PM

Excel Malformed File Vulnerability - Remote Code Execution

2009/02/24

Today, Microsoft release a security advisory about a new vulnerability in Microsoft Excel. This one affects both PCs and Macs. The Microsoft Security Response Center blog has a post there as well. SecurityFocus has a bit more information, basically indicating Symantec is detecting files containing an exploit to the vulnerability as Trojan.Mdropper.AC.

Basically, the vulnerability is an attacker can create a malformed file which can then execute code on the system. That code will run in the context of the user opening the Excel document.

Thus far the indications from both Microsoft and Symantec is the attack is not very widespread. However, as with any attachment or download, make sure it's from someone or somewhere you trust and make sure it's expected before opening said file.

 


Copyright © 2002-2014 Simple Talk Publishing. All Rights Reserved. Privacy Policy. Terms of Use. Report Abuse.