Patch Management

Zero-day Microsoft Excel vulnerability reported

February 24, 2009
Updated on Tuesday, Feb. 24 at 3:12 p.m. EST

A new zero-day vulnerability is affecting Microsoft Excel, the software giant warned Tuesday in an advisory.

The bug first was noticed by Symantec researchers, who witnessed '"suspicious" Excel 2007 spreadsheets targeting customers in Japan, Patrick Fitzgerald said in a post on the company's website. The attackers are employing techniques to evade detection, such as encrypting the binary embedded in the malicious Excel document.

Successful exploitation allows an attacker to launch remote code and gain privileges as the local user, according to Microsoft. So far, attacks have been "limited and targeted," the company said. The issue impacts all supported versions of Excel, including Microsoft Office 2004 and 2008 for Mac.

An attack can occur by tricking a victim into opening an email attachment or visiting a website hosting the exploit, the advisory said.

The flaw is related to a boundary condition error, according to a SecurityFocus advisory published Monday.

Paul Henry, security and forensic analyst for patch management provider Lumension Security, said this zero-day flaw joins a number of previously patched Excel bugs that still are being leveraged in limited attacks. Roughly six or seven different Excel exploits remain active, Henry said.

Attackers often use social engineering tactics to spread the exploit, Henry said.

"The biggest fear here are targeted exploits -- going after specific individuals or companies or, for that matter, specific government entities," he told SCMagazineUS.com on Tuesday. "You typically wouldn't think twice about opening an Excel spreadsheet from a perceived friend or business partner."

Symantec is detecting the malicious spreadsheets "Trojan.Mdropper.AC."

prestitial ad