In one week, three serious vulnerabilities were uncovered in this popular spreadsheet application from Microsoft.
 |
| Source: ceintec |
Excel users have every reason to be concerned, as a hacker announced yesterday that they had released an exploit code targeting an unpatched vulnerability in this application. This marks the third consecutive vulnerability discovered in Excel within just one week.
The proof-of-concept code allows attackers to execute malicious malware on vulnerable computers; however, users must first be tricked into opening an Excel document, according to SecurityTracker’s website.
These exploits take advantage of a vulnerability within Adobe Systems’ Flash technology, which is used to display graphics and images in Excel documents. “When users open the Excel file, the malicious Flash code executes automatically without any user intervention,” the warning report states.
Why is this concerning?
The latest attack on Excel is particularly alarming because the code can trigger automatically, requiring little to no user action, according to researcher Juha-Matti Laurio.
“In fact, embedding malware in an Excel file is not very common, but that doesn’t matter because simply opening the file is enough to get infected. This is the most concerning aspect.”
Microsoft’s security team has been working tirelessly over the past few weeks. Last Tuesday, the company released a patch for a serious vulnerability in Word (which had been exploited by hackers) and is now responding to two attack codes that exploit extremely critical vulnerabilities in Excel.
According to SecurityTracker, this vulnerability affects several different versions of Excel. In reality, Microsoft discovered the vulnerability back in May 2004 and provided a temporary fix, but it was not comprehensive.
As of now, there has been no comment from Microsoft regarding this latest warning.
Thien Y
