Home > Exploits, Vulnerability > Zero Day Exploit: MS Excel Allows Remote Code Execution

Zero Day Exploit: MS Excel Allows Remote Code Execution

There is a zero day flaw found in Microsoft Excel and this vulnerability affects the following version:

Microsoft Office Excel 2003 Service Pack 2
Microsoft Office Excel Viewer 2003
Microsoft Office Excel 2002

Microsoft Office Excel 2000
Microsoft Excel 2004 for Mac

What causes this threat ?

When a user opens a specially crafted Excel file and that has a malformed header information, the system encounters unspecified error, which can be exploited by malicious users and could lead to execution of arbitrary code.

According to Microsoft, there is an active attacks that currently exploits this vulnerabiltity. Thus, users are advised not to open untrusted Excel file.

  1. yadab das
    September 17, 2008 at 2:36 pm
  2. Methusela Cebrian Ferrer
    September 18, 2008 at 4:18 am

    Noted, Thanks!

  3. December 11, 2008 at 6:59 pm

    exploit-ms excel.h – file found on our system today.
    What do we do to take care of it?

    • Methusela Cebrian Ferrer
      December 12, 2008 at 11:21 pm

      Hi Diane, do you still have a copy of exploit ms excel file ? If so, please zip it and password protect it with word “virus”. Here’s a good reference how to do it http://www.sheilds.org/article110.html.
      Then send to meths101(at) optusnet (dot) com (dot) au. This will help me understand this threat and provide you idea how to clean up your machine.

      Or could you provide further information like exact detection name (if you have), and MD5 hash..

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: