Wednesday, January 16, 2008

Zero Day Exploit: MS Excel Allows Remote Code Execution

There is a zero day flaw found in Microsoft Excel and this vulnerability affects the following version:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002

Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac

What causes this threat ?

When a user opens a specially crafted Excel file and that has a malformed header information, the system encounters unspecified error, which can be exploited by malicious users and could lead to execution of arbitrary code.

According to Microsoft, there is an active attacks that currently exploits this vulnerabiltity. Thus, users are advised not to open untrusted Excel file.