
Technology News: Microsoft patches Excel vulnerabilities. By John Stokdyk

21st Mar 2006

Excel was the primary focus for Microsoft's March security update, accounting for five out of six patches released to plug system vulnerabilities.

For users of Excel 2000, the vulnerabilities are rated as critical, as they could be activated merely by opening infected spreadsheets. For users of Excel 2002 and later versions, the vulnerabilities are rated as important, as the attacks would need to be activated by opening an email file attachment. For both earlier and later versions of Excel, the corrupt files could potentially give hackers remote control of your PC.

The five vulnerabilities all arise from the application's potential to be disrupted by wrongly formatted documents that can trigger Excel to open up access to the underlying operating system. According to Security Bulletin MS06-12, the potential exploits arise from the following weaknesses:

  • Malformed range
  • Malformed file format
  • Malformed description
  • Malformed graphic
  • Malformed record

The Excel vulnerabilities have been reported to Microsoft by various security consultancies and catalogued on the Common Vulnerabilities and Exposures website (cve.mitre.org). According to Microsoft, no known instances of hackers attempting to exploit these vulnerabilities have been reported, and it urged users to download patches immediately from appropriate Microsoft websites.

The download locations are listed in Microsoft's March 2006 Security Bulletin Summary, along with copious, if impenetrable, notes detailing all the vulnerabilities.

A further patch was issued to close off a remote code vulnerability in Microsoft Office. According to Security Bulletin MS06-12, the point of attack is via a "routing slip" that can be added to Office documents to direct files to other users as an attachment to an email from the File-Send menu option. Like the five Excel flaws, the maliciously formed routing slip can cause the memory buffer to overflow and open the wider operating system up for the prospective intruder.
