The third security hole in a month has been discovered
in the Microsoft Excel spreadsheet program.
The vulnerability allows remote attackers to take control of
users’ systems.
The French Security Incident Response Team reports that the flaw
is due to a memory corruption error, which occurs when handling or
repairing a document containing overly long styles.
The flaw affects Excel 2000, 2002 and 2003 and Office 2000, XP
and 2003, said the security researcher.
Its advisory said the flaw "could be exploited by attackers to
execute arbitrary commands by convincing a user to open and repair
a specially crafted Excel file.”
Microsoft said the vulnerability only affected users with the
Japanese, Korean or Chinese language versions of Excel.
The company said an attack could be launched with the help of
malicious Excel documents sent as e-mail attachments.
The company said it was not aware of any attacks being launched
in the wild using the security hole.
Microsoft is issuing
seven security patches next Tuesday, with
three of them addressing holes in its Office suite. These may
patch the two Excel vulnerabilities made public in the last
month, as Excel is part of the Office suite.