There is critical vulnerability in Microsoft Office Excel that allows hackers to execute a code remotely and steal data; that's what Microsoft said in its security warning on "security hole in Excel," issued on Tuesday.
Microsoft warned that exploiting the security flaw in Excel, hackers can launch malicious code remotely to take control of anyone's computer and they can steal confidential data from anyone's computer.
According to Microsoft, the security flaw has been found in the Excel software in Microsoft Office 2000, 2002, 2003, and 2007 and Microsoft Office 2004 and 2008 for Mac.
In a blog posting on Tuesday, the company stated that "Symantec has found malicious files in the wild in Japan that attempt to exploit the vulnerability and has updated its antivirus software to detect the malicious spreadsheet files it has dubbed Trojan. Mdropper. AC". In its advisory, Symantec stated that the there have been few infections, but the risk is low. Symantec has also listed Windows Vista and XP as affected systems.
In its blog, Symantec explained, "It turns out that this vulnerability exists in the old Excel binary .xls format and not the new .xlsx format. Opening the malicious spreadsheet triggers the vulnerability. This causes the shellcode to execute and then drops two files on the system--the malicious binary mentioned earlier and another valid Excel document. The shellcode then executes the dropped file and opens the valid Excel document to mask the fact that Excel has just crashed. This helps to decrease suspicion when the affected spreadsheet is opened."
Microsoft stated that it is working to fix the flaw in the Excel software, and meanwhile, the software maker advised the Windows users to avoid opening Office files from untrusted sources or that arrive unexpectedly.
Symantec security experts explained that when the users open an infected Excel file, a Trojan horse downloader automatically gets executed onto their computers that can be used to steal private and financial data.
Vincent Weafer, vice president of Symantec Security Response, said, "The attack displays the valid document and looks as if it's opening, so you may not notice you now have a new downloader on your machine that steals information."
Latest News
|
|
|
|
|
|
|
|
|
|
|
|
Popular content
Today's:
All time:
Last viewed:
- Uncontrollable Growth of Screwshell, an Issue of Concern for Australian Fisheries
- Comcast to Offer fastest internet Service in Portland
- Glaxo's Serevent and Novartis AG's Asthma Drugs could be dangerous for patients
- Health vote has one of its keys with Anti-abortion lawmakers
- Lions Gate not Confident of Icahn’s Business Ability – Refutes his Bid
- China issues new “trial regulations” as part of its anti-porn crusade
- LG foreseeing about 47% rise in 2010 LCD TV sales
- Perry Ellis Swings to 4th-Quarter Profit
- Skytone’s Android netbook - Alpha 680 - to hit markets within 3 months
- Wardrobe Malfunction Embarrasses Katherine Heigl
