Application security, Patch/Configuration Management, Vulnerability Management

New flaw affects Asian Microsoft Excel versions

A new vulnerability has been discovered in Asian-language versions of Microsoft Excel.

The flaw, which could be used by an attacker to take complete control of an affected PC, only affects Japanese, Korean and Chinese versions of Excel 2000, 2002 and 2003, as well as Microsoft Office 2000, XP and 2003, according to an advisory by the French Security Incident Response Team (FrSIRT).

"The flaw is due to a memory corruption error when handling or repairing a document containing overly long styles, which could be exploited by attackers to execute arbitrary commands by convincing a user to open or repair a specially crafted Excel file," according to the FrSIRT advisory.

No patch is available for the flaw, according to FrSIRT.

In the days following June's Patch Tuesday release, two new flaws for Excel were found.

Microsoft officials urged safe web-surfing and email practices in response to the flaws.

This Tuesday, Microsoft will release seven more patches – four for Microsoft Windows and three for Office.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.