Slashdot Mirror

← Back to Stories (view on slashdot.org)

Zero-Day Excel Exploit In the Wild

Posted by kdawson on from the be-careful-out-there dept.

snydeq writes "Microsoft Excel has a zero-day vulnerability that attackers are exploiting on the Internet, according to security vendor Symantec. The problem affects Excel 2007 both without and with Service Pack 1, according to an advisory on SecurityFocus, and other versions going back to Excel 2000. The program's vulnerability can be exploited if a user opens a maliciously crafted Excel file, allowing a hacker to leave a Trojan horse on the infected system."

4 of 117 comments (clear)

  1. Re:A work-around for it... apk by fuzzyfuzzyfungus · · Score: 3, Insightful

    That is only a workaround if you hate the guts of everybody who works the help desk...

  2. Re:Random E-mails by Lord+Ender · · Score: 5, Insightful

    Surely there is nothing wrong with opening attachments from untrusted sources.

    The real danger is in opening attachments from trusted sources. If this is used with an email worm, it will look like it is coming from your friends, coworkers, or any of your eight bosses. As a high priority, due yesterday, mission-critical action-item.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  3. Re:According to MS? It IS a work-around for this by fuzzyfuzzyfungus · · Score: 3, Insightful

    "will be unable to open Office 2003 files or earlier versions in Office 2003 or 2007 Microsoft Office System"

    That isn't going to go over well. At all.

  4. Re:Random E-mails by aarroneous · · Score: 5, Insightful

    I was just thinking that - it's 2009. Who is still opening DOC or XLS attachments?

    Umm... practically any company that does business with any municipal or state governmental agencies, law firms, accounting firms, etc etc. The question is who isn't opening DOC or XLS attachments from their clients, and how do they plan to stay in business?