Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Excel Users Susceptible To New Vulnerability

Posted by CmdrTaco on from the safer-and-safer dept.

nandemoari writes "Microsoft has warned users that yet another critical vulnerability has been found in its popular Office spreadsheet program Excel. The flaw could allow remote hackers to open and run malicious code on an unsuspecting user's computer through an infected spreadsheet file. Products affected include Office 2000, Office 2002, Office 2003, Office 2007, Office 2004 for Mac, Office 2008 for Mac, and the Open XML File Format Converter for Mac."

13 of 64 comments (clear)

  1. dupe? by pak9rabid · · Score: 4, Informative

    http://it.slashdot.org/article.pl?sid=09/02/24/1938259

    1. Re:dupe? by maxume · · Score: 5, Informative

      Don't be a dildo. The article linked in the summary points to an article on Ars that points to this page:

      http://www.microsoft.com/technet/security/advisory/968272.mspx

      The link in the comment you replied to points an infoworld article that points to this page:

      http://www.microsoft.com/technet/security/advisory/968272.mspx

      The articles are about the same issue.

      --
      Nerd rage is the funniest rage.
  2. Really?? by aztektum · · Score: 3, Funny

    I hadn't heard

    --
    :: aztek ::
    No sig for you!!
  3. Leave it to Microsoft... by Anonymous Coward · · Score: 2, Insightful

    ... to create a vulnerability on my Mac.

    1. Re:Leave it to Microsoft... by emocomputerjock · · Score: 5, Funny

      Consider it revenge for Quicktime.

  4. And people wonder why... by Indy1 · · Score: 3, Insightful

    I choose to use open office, even though I get M$ office free through work.

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
    1. Re:And people wonder why... by hairyfeet · · Score: 2, Insightful

      The problem with OO.o is while Writer can take the place of Word for most folks, unless you work in an office that needs those little functions that Word does that Witer don't, according to everyone I've talked to that uses spreadsheets Calc is a freaking bad joke compared to Excel.

      Now since I am not a spreadsheet user I can't give you a nice bulletpoint list, although I'm sure there are plenty here who could, but I have worked with enough SOHOs and SMBs to know that there is NO WAY in hell to replace Excel with Calc. They simply aren't in the same league. Maybe now that they seem to have Writer down they will devote the resources to bringing Calc up to par, but with this economy that is doubtful.

      So while I am glad you have the ability to switch, I'm willing to bet you do the vast majority of work in Writer and NOT in Calc. That is why I give OO.o free to my home customers but not to my business ones. Because for home users OO.o is a quite capable MS Office replacement. Businesses? Not so much.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  5. OO to the rescue? by Joska · · Score: 2

    Does this mean that OpenOffice is the workaround for the moment?

    1. Re:OO to the rescue? by Rary · · Score: 3, Informative

      Does this mean that OpenOffice is the workaround for the moment?

      Well, that, or not opening unexpected spreadsheets emailed to you by random strangers.

      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

    2. Re:OO to the rescue? by cortesoft · · Score: 3, Informative

      The problem with this strategy is the the emails are often times from people you know. These don't normally spread because some spam farm is emailing random addresses, but by having an infected person's computer email all the addresses in their address book (people you know) a copy of the virus. So basically the advice should be to never open unexpected spreadsheets from ANYONE, not just random strangers.

  6. And we all know that the "From" field in emails... by cpu_fusion · · Score: 2, Insightful

    ... is a reliable indicator of who sent the email... ;-)

  7. They can do better, here's proof. by b4dc0d3r · · Score: 3, Informative

    http://support.microsoft.com/kb/935865

    The Microsoft Office Isolated Conversion Environment (MOICE) feature that is added to the Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats is used to more securely open Word, Excel, and PowerPoint binary format files.

    They have the code to do this securely... but can't implement it because users want the features which allow security holes. Disable macros and probably internet connections too, convert the file, then open it. Look at all the "issues", which are essentially MS saying these are dangerous (but still in the design).

    • After you use MOICE to convert a file, the default save location is the %temp% folder when you try to save the file. Also, the %temp% folder is the default folder when you try to open a file.
    • Anyone who has access to the computer can view the files in the %temp% folder.
    • When you use MOICE to convert a file, the converted file is saved in the %temp% folder. The converted file is not deleted from the %temp% folder when the file is closed. If a file is opened multiple times, the file is converted multiple times. Additionally, more than one copy of the file is saved in the %temp% folder. If you have made changes to the first copy of the document, the second copy of the document will not contain the changes.
    • By default, the applicable program opens after MOICE finishes a file conversion. Then, the converted document is opened. (...snipped...)
    • Smart tag data is stripped from PowerPoint presentations when you use MOICE to convert a presentation that contains smart tags.
    • Macros are stripped from files when you use MOICE to convert files that contain macros.
    • When you open a file by using a link inside a file that has been converted by MOICE, the linked file is not converted by MOICE.
    • Embedded documents cannot be converted.
    • Documents that use rights management cannot be converted.
    • Documents that use passwords cannot be converted.
    • You cannot use the Edit Document in Microsoft Office Program_Name feature in Microsoft SharePoint when you use MOICE to convert Office files.
    • If damage exists, it will be removed from a binary Word 97-2003 Document (*.doc) file during the conversion. Therefore, the contents of the file may change unexpectedly.
  8. Re:virus protection for mac by lord_rotorooter · · Score: 2

    As with any religion those facts are swept under the table to better keep the faith. Only think happy thoughts, don't let reality distract the warm fuzzy feelings...