Another Excel 2003 file format exploit discovered in the wild
By Scott M. Fulton, III | Published January 16, 2008, 7:54 PM
A new and reportedly dangerous exploit has been discovered already in the wild, and this time it affects users of Excel with the older file format.
Security firm Secunia today is classifying as extremely critical an exploit involving versions of Excel 2003 prior to Service Pack 2. Though Microsoft released a security advisory on the problem this morning, there are no available details as to the nature of the exploit.
However, its discovery appears -- unusually for the present day -- to have come about because the exploit had already been released in the wild, making this a true "zero-day" affair.
According to a Microsoft security advisory released yesterday, public reports alerted the company to the vulnerability. It is once again advising customers either not to open Excel 2003 documents from an untrusted source, or to use a tool called the Isolated Compatibility Environment (MOICE), part of the Office Compatibility Pack, to convert files into the new Office Open XML format. Through the Compatibility Pack, the converted files would still be accessible through Excel 2003, according to a Microsoft Knowledgebase article published last May.
Back in June 2006, Microsoft reported a critical vulnerability caused by Excel 2003 files, which it said at that time could trigger remote code execution. This week's vulnerability was described with somewhat less detail: Apparently a maliciously crafted Excel file can elevate the privileges of limited accounts. Usually that can result in the capability of running code remotely, though Microsoft did not specify that explicitly, which could mean that this week's vulnerability may invoke the trigger but may not carry a malicious payload.
Ok, an exploit.. Now the question is: What is more dangerous for you?
a) "A maliciously crafted Excel file can elevate the privileges of limited accounts"
or
b) A malicious company that disables previous formats masked as a "service pack" update (and later releases news about an exploit that is effective ONLY with previous versions?)
I do not think Microsoft released such virosic code just because it should hang, crash or not replicate as planned until updated versions appear (Windows Virus SP1, or SP2?)...
doh x 2!
Score: 0
Sounds like you're just talking rubbish and not real-world facts.
Score: 0
If you take your tinfoil hat off for a minute, you'll realize what you wrote does not make sense.
If you actually read the article it says "an exploit involving versions of Excel 2003 prior to Service Pack 2".
So is it your contention that the last Office service pack (SP3) disabled the file format for Excel 2003 Service Pack 1?
Then you would be wrong, since Excel 2003 SP1 uses the same file format as Excel 2003 SP3 and therefore it was not disabled.
The only formats blocked are:
Lotus and Quattro files, Dif and Sylk files, Word 1.x and 2.x files, DBASE II files, and PowerPoint 97 files.
But hey, it gives the kooks an opportunity to bash Microsoft, so facts shouldn't get in the way.
Score: 0
Boys, before posting, please read twice.
First, the vulnerability affects Excel 2003 SP2; the betanews article states otherwise but is wrong. Look at the Microsoft page: http://www.microsoft.com...ty/advisory/947563.mspx
I think this is a way to try to convince users that "older formats" are bad and that is pathetic.
I am against any kind of fanaticism, but I do not like Microsoft business practices at all.
@testman: No rubbish, just reflections about what I see. My sin, maybe, is trying to make people understand why some news is published (or not). No rubbish at all, think about it.
Score: 0
doh!
Score: 0