Computer Crime Research Center


Excel flaws attacked

Date: June 20, 2006

A flaw in Microsoft Corp.'s Excel spreadsheet could allow criminals to remotely control a computer, the company confirmed Monday.

Microsoft, the world's biggest software maker, is aware of just one case in which a user was attacked via the vulnerability, according to a Web site posting by Mike Reavey, the company's lead security program manager.

In order to become infected, a person must open a maliciously formatted Excel document that is sent via e-mail or other means. The malicious code runs when the spreadsheet is opened. The infection makes it possible for a person to steal passwords, bank accounts and other sensitive information and to use the computer to send spam and carry out other illegal activities.

"Remember to be very careful opening unsolicited attachments from both known and unknown sources," Reavey wrote.

The advisory, which Microsoft issued last week, came days after it issued patches for 21 vulnerabilities in products ranging from its Windows operating system to Office, its bundle of software for word processing, e-mail and other programs. It came a month after the Redmond, Wash.-based company confirmed a flaw in Word, its word processing program.

Last week's patches did not address the latest vulnerability. The next round of updates is scheduled to be made available next month.
Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo