Thursday, 22 June 2006
Microsoft Excel Attack Saga |
| |
|
| |
Late last week, Microsoft had published an alert warning Excel users of a type of malware. Again, earlier this week, a second vulnerability in the spreadsheet software was reported by a hacker that is documented here. Microsoft's Security Response Center had said in a blog posting on Wednesday that it was investigating reports of a second vulnerability affecting Excel, and had examined a PERL script that demonstrates the flaw. The company then attributed the problem to hlink.dll, a Windows component.
Now, Excel users have one more reason to worry. On Tuesday, a hacker published code that takes advantage of an unpatched flaw in the Microsoft spreadsheet software, the third such exploit to be disclosed in the past week. This attack could be used to run unauthorized software on a PC, but it requires that the victim first be tricked into opening an Excel document, according to an alert published on the Securitytracker.com Web site. The attack takes advantage of Adobe Systems' Flash technology, which can be used to provide graphics and animation to Excel documents. "When the target user opens the Excel file, the [malicious] Flash code will execute automatically without user interaction," the alert states. [More Info] |
| |
|
|
| |
|
|
| |
|
|
| |
|
