Security Software

Zero-Day Excel Exploit In the Wild

snydeq writes "Microsoft Excel has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. The problem affects Excel 2007 both without and with Service Pack 1, according to an advisory on SecurityFocus, and other versions going back to Excel 2000. The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file, allowing a hacker to leave a Trojan horse on the infected system."
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Tuesday February 24, 2009 @04:24PM (#26974507)

    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Excel\Security\FileOpenBlock]
    "BinaryFiles"=dword:00000001

    APK

  • by Penguinisto ( 415985 ) on Tuesday February 24, 2009 @04:35PM (#26974643) Journal

    While such a vector would be pretty useless on the public nets, just out of academic curiosity, I wonder: how fast would this critter travel if it got loaded onto a SharePoint site (you know, one with the handy Excel-handling plugin turned on?)

    Looking at it from the other end, how do you protect from such an eventuality without shutting off the plugin?

    /P

  • by wealthychef ( 584778 ) on Tuesday February 24, 2009 @06:07PM (#26975673)
    FTFA: "Hackers have increasingly sought to find vulnerabilities in applications as Microsoft has spent much effort into making its Vista OS more secure."

    Is this true? Any corroborating info from anyone?

  • by jbn-o ( 555068 ) <mail@digitalcitizen.info> on Tuesday February 24, 2009 @09:27PM (#26977589) Homepage

    Some people have jobs which require opening email attachments from unknown people. Secretaries are often the first point of contact for files sent by the general public. The secretary is often charged with opening the attached file(s) to make sure they're conformant in some organizational sense, then placing a copy of the file somewhere appropriate (such as a file server where other people can further vet the files).

    I can easily see a situation where people are asked to upload files via a website to be opened by a committee later. Then everyone on the committee could be running on their machine with an administrative account (common for people who just bought a computer, sometimes having an admin account is viewed as a position of power and privilege).

    I'm not saying that any of these problems can't be solved. I'm saying that to frame the issue as strange malcontents trying to take advantage of someone isn't addressing the complexity of the issue at hand.

    It seems that this is just another area where overly-capable file formats, proprietary software, and programs that attempt to do too much are all coming together in an unpleasant way...again.
