
Mysterious Excel Flaw Warning Appears

 
tricore
Guest





Posted: Thu Jan 11, 2007 7:15 am    Post subject: Mysterious Excel Flaw Warning Appears

A security advisory for a "critical" Microsoft Excel vulnerability has been posted on Fortinet's Web site, but the absence of adequate documentation puts the issue under a cloud of mystery.


In the alert, Fortinet's security research team described the issue as an improper memory access vulnerability that "could allow an attacker to take complete control of the affected system."

Secunia rates the bug as "highly critical," although there is no verification or supporting information.

The Fortinet warning comes on the same day Microsoft is scheduled to ship three "critical" bulletins with fixes for holes in its Office productivity suite, and my guess is Fortinet accidentally published its advisory ahead of Redmond's Patch Tuesday release.

Fortinet lists the following as affected:

Microsoft Office 2000 Service Pack 3
Microsoft Excel 2000
Microsoft Office XP Service Pack 3
Microsoft Excel 2002
Microsoft Office 2003 Service Pack 2
Microsoft Excel 2003
Microsoft Office Excel Viewer 2003
Microsoft Works Suites:
Microsoft Works Suite 2004 (same as the Microsoft Excel 2002 update)
Microsoft Works Suite 2005 (same as the Microsoft Excel 2002 update)
Microsoft Works Suite 2006 (same as the Microsoft Excel 2002 update)
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac

The 2007 Microsoft Office system and Microsoft Office Excel 2007 are not affected.

Fortinet says a remote attacker could construct an .xls file and place it on a Web site to launch attacks. "When the user opens the .xls file with the Microsoft Internet Explorer, the browser will automatically call Microsoft Excel to open the .xls file.

"[T]his will cause Microsoft Excel to crash; then, the .xls may allow the attacker to execute arbitrary code," the company warned, explaining that the flaw exists due to Microsoft Excel's manipulation of specific opcode.

The advisory includes a note that users should apply the update provided by Microsoft, but there is no link pointing to an update.

The Patch Tuesday bulletins from Microsoft are usually posted around 2 p.m., Eastern.
All times are GMT