Feb 19, 2008
It’s been almost a month since Microsoft announced a security vulnerability in various versions of Microsoft Excel. They published some details of the vulnerability but didn’t clearly explain the solutions. Updates were promised once some research was complete, and that research has now been under way for more than a month. Does anyone know when they will be releasing the update?
Software Affected
- Microsoft Office Excel 2003 Service Pack 2.
- Microsoft Office Excel Viewer 2003.
- Microsoft Office Excel 2002.
- Microsoft Office Excel 2000.
- Microsoft Excel 2004 for Mac.
Software NOT Affected
- Microsoft Office Excel 2007.
- Microsoft Excel 2008 for Mac.
- Microsoft Office Excel 2003 Service Pack 3.
How it works
The vulnerability can be exploited if an attacker uses a specially crafted Excel file with malformed header information. Successful exploitation allows execution of arbitrary code on the victim's computer.
Solution
Not yet released! As a precaution, whenever you receive an Excel file as an attachment, confirm the attachment with the sender before opening the file. And keep checking this page to see when a patch is released.
Feb 3, 2007
Microsoft and vulnerabilities have a relationship similar to that of a company boss and the subordinates. They hate each other, but they cannot leave each other either. The fifth unpatched zero-day vulnerability has been confirmed by Microsoft.
Related Software:
Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac are the products found vulnerable.
What can cause the vulnerability:
When a user opens a specially crafted Office file using a malformed string, it may corrupt system memory in such a way that an attacker could execute arbitrary code.
How can an attacker exploit the vulnerability:
An attacker can ask you to click on a link that takes you to the attacker's site to download an Office document. Alternatively, the Office document could be sent via email. Downloading the Office document to your machine and opening it would let the attacker corrupt system memory in such a way that they can gain access to your computer.
Workaround available:
Do not open or save Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Office file.
Microsoft is developing a security update for Office that addresses this vulnerability. It should be available soon.