New Excel zero-day flaw used in attacks

by admin June 17, 2006 at 9:46 am

A new, yet-to-be-patched security vulnerability in Microsoft’s Excel has been exploited in at least one targeted cyberattack, experts warned on Friday.

A malicious Excel document is sent as an e-mail attachment or otherwise delivered by the attacker to the intended victim, Microsoft said in a posting to its Security Response Center blog. The Redmond, Wash., software maker said it has received one report from a customer who had been hit by such a problem.

“In order for this attack to be carried out, a user must first open a malicious Excel document,” a Microsoft representative wrote. “So remember to be very careful opening unsolicited attachments from both known and unknown sources.”

Samples of malicious Excel files called “okN.xls” have been found, Symantec said in an advisory. The malicious spreadsheet file contains a Trojan horse, called “Mdropper.J,” and program called “Booli.A” that can download more malicious files to an infected PC, the security company said.

Full article: ZDNet News