Tuesday, February 6, 2007

Vulnerability in Microsoft Office Could Allow Remote Code Execution

Issue summary
There is a security vulnerability in Microsoft Office. Users of Office 2000, Office XP, Office 2003 and Office 2004 for Mac are advised to follow the workaround below. The vulnerability cannot be exploited on Office 2007 or on Works 2004, 2005, or 2006. Please read and stay secure. There is no fix for this problem yet (it is a zero-day vulnerability), so the rule of thumb is: do not open MS Office files (Excel, Word, PowerPoint, etc.) that arrive from untrusted or suspicious sources, websites, or e-mail attachments.

Since Internet Explorer is integrated with the Office suite of products, this type of attack is also possible via websites (which includes content rendered inline in e-mail and the like).

Workaround:
Do not open or save Office files that you receive from untrusted sources or that you receive unexpectedly from trusted sources. This vulnerability could be exploited when a user opens a specially crafted Office file.

Whether antivirus products detect attempts to exploit this vulnerability depends on your vendor's response. Microsoft Live OneCare does identify this issue and prevents such an attack.

More information at: http://www.microsoft.com/technet/security/advisory/932553.mspx
Secunia: http://secunia.com/advisories/24008/

Here's an excerpt from the Microsoft website:

Microsoft Security Advisory (932553)
Microsoft is investigating new public reports of very limited Microsoft Excel “zero-day” attacks using a vulnerability in Microsoft Office 2000, Microsoft Office XP, Microsoft Office 2003, and Microsoft Office 2004 for Mac.

In order for this attack to be carried out, a user must first open a malicious Office file attached to an e-mail or otherwise provided to them by an attacker.

While we are currently only aware that Excel is the current attack vector, other Office applications are potentially vulnerable.

As a best practice, users should always exercise extreme caution when opening unsolicited attachments from both known and unknown sources. Microsoft has added detection to the Windows Live OneCare safety scanner for up-to-date removal of malicious software that attempts to exploit this vulnerability.

Microsoft intends to actively share information with Microsoft Security Response Alliance partners so that their detection can be up to date to detect and remove attacks.

Customers in the U.S. and Canada who believe they are affected can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.

International customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.