
Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Brand spanking new Excel 0-day being exploited in the wild

By | February 23, 2009, 6:47pm PST

Symantec is reporting that a new remote vulnerability has been discovered in Microsoft Excel 2007, and that this vulnerability is being exploited in the wild.

Details are sparse, but it looks like Symantec has discovered a code-execution vulnerability in Excel 2007 and Excel 2007 SP1. The issue is being actively exploited in the wild by a variant of the Mdropper trojan.

There is no patch for the vulnerability yet, so until one arrives, don’t open anything that looks like an Excel document from sources you cannot completely trust and verify.


Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000.

Disclosure

Adam O'Donnell

Adam J. O’Donnell currently works for Cloudmark, a messaging security company whose clients include the majority of the Tier 1 customer-facing service providers as well as mobile carriers and social networks. He serves on the advisory committee for the SOURCE Security Conference, as well as several conference technical program committees. Many of his close friends work in the security industry, and he will disclose those relationships as he deems it necessary.

Biography

Adam O'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco.

Adam early on mastered the art of writing in complete sentences, using both hands and one foot. Later, he learned to do so with each individually. After fourteen years of apprenticeship in the mist-covered hills of central Nepal, Dr. O'Donnell emerged an unparalleled digital warrior and in desperate need of an anti-fungal wash.

Approaching both life and enterprise security with the verve of a particular capuchin, he is respected the world over as an observer of all he sees. Adam's dry blade of analysis will sever the hard candy shell surrounding most technical security concepts, and significantly goo-ify the remaining so as to be consumable in small bites with sufficiently large servings of digestive aids. Just what the doctor ordered.

9 Comments


RE: Brand spanking new Excel 0-day being exploited in the wild
birumut Updated - 4th May 2011
Great !!! thanks for sharing this information to us!
seslisohbet seslichat
0 Votes
OPEN OFFICE ?
Brent R Brian 24th Feb 2009
Doubt the bug would bother OPEN OFFICE .. you may be able to check out the file by opening it with OO first.
0 Votes
Double check before doing that.
phatkat 24th Feb 2009
I don't know if this vulnerability will affect Open Office, Apple Works or other MS Office compatible applications. Unless you absolutely know, I would wait until someone verifies this.
0 Votes
I don't really see this exploit going far. The steps you have to take to actually exploit it are not worth the trouble. The user has to get the Excel file sent to them, which if infected will be blocked by the mail gateway anyway, the user will see it's from an unknown source, then will have to double click the file, click OK to the big warning that pops up saying the file is from an untrusted source and may be malicious, then run it. Try as you may exploiters, but people are smarter than that.
0 Votes
dadhog said "no they're not"
t0mmyt@... 24th Feb 2009
Reminds me of about 10 years ago when I was working for an engineering firm and NO ONE was running anti-virus. The owner wasn't going to pay for it. So I had a copy of McAfee or something and put it on my box.

Well one day one of the sales guys gets an Excel attachment from someone he doesn't know, so what does he do? You guessed it - he opened it up.

It went across our network like wildfire. I was the only one who got a message and did not get infected.

I spent the next two days cleaning machines & installing antivirus software.
0 Votes
Got two words for you:
ejhonda 24th Feb 2009
"Home Users".

'Nuff said.
We provide and require frequent training on identifying and handling suspicious emails and safe practices for electronic data in general. We emphasize not following embedded links and not opening attachments in email messages that are not expected. In my network security seat I have received messages from personnel letting me know that the links in the attached message do not actually go to the site described in the email or that the attachment will not open or will not open correctly when they attempt to see what it contains. After I contact them they typically tell me that they knew what not to do, afterwards, but were *not thinking* when they started clicking on links and/or attachments.

Regardless of the training, policies, and good intentions, it only takes one individual absently opening a link or attachment that contains a zero day to compromise a network.
For the most part no one blatantly ignores safe practices, but once you commit to an action the computer will dutifully follow your command. The human factor is and will remain the weak link in any security architecture. You can secure your perimeter from bad guys coming in, but if I open the door from the inside all that hardware just turned into an expensive (and inefficient) space heater.
0 Votes
People are smarter than that?
jasonp@... 25th Feb 2009
Really? Maybe if you had qualified your statement with "some" or even "most" you'd have a point. No, people are not smarter than that. People do things without thinking many times every single day. People run red lights. People drive too fast in the rain or snow. People fall for telemarketing scams. Individuals have the capacity to be smart and do all the right things at all the right times. People on the other hand are stupid and prone to finding every possible way of breaking a product or process. People are smarter than that...that's a good one.
No, they're not...
0 Votes