As part of its monthly patch cycle, Microsoft on Tuesday released fixes for six security holes in Office and one flaw in Windows. Five of the six vulnerabilities in Office are specific to Excel. The most serious flaws could allow an attacker to gain control over a vulnerable PC running the spreadsheet program, Microsoft said in Security Bulletin MS06-012. In all cases, the miscreant would have to persuade the user to open a malformed Excel file, the software maker said. The sixth problem affects a range of Office applications, including some versions of Word, Outlook & PowerPoint. Microsoft’s second update deals with an operating system issue that affects Windows XP with Service Pack 1 and Windows Server 2003.
Ahem, if you can get them to open up random Excel files I bet you can get them to run random batch files too…
Anyway, good they fix it, but seriously, this is newsworthy?
Any comment on whether OpenOffice’s Excel import filter is vulnerable?
Why would it be? Microsoft and OpenOffice.org don’t share code.
Why should a little Excel file be so dangerous? MS really need to limit what user-run programs/files should be allowed to do.
Re: Running a malformed Excel file?
By ma_d (1.16) on 2006-03-15 01:54:28 UTC
Ahem, if you can get them to open up random Excel files I bet you can get them to run random batch files too…
Anyway, good they fix it, but seriously, this is newsworthy?
Personally I’d have felt much more secure opening a random Excel/Word file than running random batch/exe files. My mistake obviously, but I suspect a lot of people that aren’t aware how potentially dangerous files are (as opposed to programs) will be in the same boat.