February 04, 2007

Microsoft Excel target of new zero-day exploit

Attackers are exploiting a new zero-day vulnerability in Microsoft Excel, researchers said.

Microsoft on Friday released an advisory warning users that it is investigating reports of "very limited" exploits of Excel in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Macintosh.

"This is an issue that could allow an attacker to execute code on a user's machine in their security context by convincing them to open a specially crafted Office document," Alexandra Huft said on the Microsoft Security Response Center blog.

Huft said Redmond currently is only aware of Excel serving as the vector, but she cautioned "the issue can affect all Office documents."

The new Office bug adds to a growing list of unpatched vulnerabilities in the popular application, including at least four affecting Word.

The next "Patch Tuesday" is scheduled for Feb. 13.

Click here to email reporter Dan Kaplan.

 

Related Articles
Related Topics

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.