Another zero day Excel flaw spotted
A week after the first
By Nick Farrell: Thursday 22 June 2006, 08:28
JUST AS MICROSOFT tries to fix a zero day Excel hole spotted last week, another bug in the popular spreadsheet program has been found.
According to an alert Symantec sent to customers, the second zero day bug could cause Excel to crash after a malicious file is opened, and there was a risk that an intruder could commandeer a PC and run arbitrary code.
Symantec said that the problem is caused because Excel fails to properly check user-supplied input before copying it to an insufficiently sized memory buffer. It affects Excel 2003 and Excel XP but other versions might also be rolled over by the flaw.
Another security outfit, Secunia, classified the flaw as "highly critical," one stage below the "oh my god this flaw will sink civilisation as we know it and bring about chaos followed by a return to a stone age culture" classification.
Vole says that its team of experts was looking into the issue. A spokesVole said that a new vulnerability in Microsoft Windows may be exploited when clicking on a hyperlink with Office documents. However, no one has suffered yet, the spokesVole said cheerfully.
This is the second bug in Excel found in a week. The one found last week gives an attacker full control over a vulnerable PC and has been exploited in at least one targeted cyberattack.
******************************************
Nice to know that due to MS's stupid once a month patch system users must sit knowing they have this vulnerability for another 3 weeks! Insane.
Do yourself a favour...