Excel Flaw in Asian Office Versions
Researchers with the French Security Incident Response Team disclosed another flaw within Excel on Thursday, saying it could allow attackers to take control of a user's computer. The newest vulnerability is the third discovered in the popular spreadsheet program in the past month.
According to the advisory, when Microsoft Excel handles or repairs documents that contain overly long styles, a memory corruption error occurs in the Asian language versions of the product. The issue occurs in Excel 2000, 2002 and 2003, the advisory says.
Microsoft confirmed the existence of the vulnerability and said it was investigating the issue. However, in order to be exploited, an attacker must first convince a user to open up a malicious Excel file, the company explained.
While this particular flaw affects a smaller percentage of Office users, it is not any less dangerous. In mid-June, a flaw was discovered that had been used in an attack against at least one Microsoft customer. Several days later, another flaw was disclosed that could cause Excel to crash after a malicious file is opened.
Next Tuesday, Microsoft plans to issue three patches for Office as part of its monthly Patch Tuesday updates, with at least one of the flaws rated "critical." It is likely that the patches will address the Excel issues, experts say.