New Microsoft Excel Falls Prey to Vulnerability
Microsoft on January 15, 2008 released its security advisory on the issue concerning the flaws in the security of its Excel spreadsheet application. According to the security advisory, spammers have already started exploiting the vulnerability of the spreadsheet. The Microsoft excel spreadsheet can be exploited by running a malicious code.
The spam can cause the greatest harm to Microsoft Excel 2004 for Mac, Microsoft Office Excel 2003 Service Pack 2, Excel 2002, Excel 2000, and Excel Viewer 2003. However, the spreadsheets that have remained unaffected from the harmful effects of malware are Excel 2007, Excel 2003 with Service Pack 3, and Excel 2008 for Mac.
The Excel sheet that gets infected with the malicious spyware can damage a computer by helping to access a PC remotely. This further makes the data available on the PC, equally vulnerable and susceptible to spam attacks. Above all, the Microsoft Excel spreadsheets are especially designed for business needs and hence pose a greater risk of damage.
The flaw of the Microsoft Excel sheet lies on its Excel file that has been designed maliciously containing malformed header information. The spammers could gain out of the Excel sheet by attacking and exploiting the vulnerability concerning malformed header information. The attacker in order to exploit the vulnerability of the Excel sheet has to horde a website, which contains a specially crafted Excel file.
Apart from this, all the websites that allow host user-provided content could also be loaded with specially designed content that can help in exploiting its vulnerability. The spammer through this website has to persuade users to click the link given on an e-mail message or on a message sent by instant messenger, so that they can be guided to the hacker's website.
Exploiting bugs have been an age old practice for the spammers. Be it the vulnerability in MS Office format, or in Excel, the after effects are not new. Since two years, spammers are hacking Word, PowerPoint and Excel formats through the bugs in these applications.
In August 2007, Microsoft upgraded the edition of Excel issuing its improved version as MS07-044. The further updated versions fixed the format flaws in Excel 2000, Excel 2002, Excel 2003 and Excel 2004 for Mac as well.
Related article: New Zealand Releases Code To Reduce Spam
» SPAMfighter News - 28-01-2008