Brand spanking new Excel 0-day being exploited in the wild


Symantec is reporting that a new remote vulnerability has been discovered in Microsoft Excel 2007, and that this vulnerability is being exploited in the wild. Details are sparse, but it looks like Symantec has discovered a code-execution vulnerability in Excel 2007 and Excel 2007 SP1. The issue is being actively exploited in the wild by a variant of the Mdropper trojan.

There is no patch for the vulnerability yet, so until one arrives, don't open anything that looks like an Excel document from sources you cannot completely trust and verify.


Talkback

9 comments
  • OPEN OFFICE ?

    Doubt the bug would bother OPEN OFFICE .. you may be able to check out the file by opening it with OO first.
    Brent R Brian
    • Double check before doing that.

      I don't know if this vulnerability will affect Open Office, Apple Works or other MS Office compatible applications. Unless you absolutely know, I would wait until someone verifies this.
      phatkat
  • RE: Brand spanking new Excel 0-day being exploited in the wild

    I don't really see this exploit going far. The steps you have to take to actually exploit it are not worth the trouble. The user has to get the Excel file sent to them, which if infected will be blocked by the mail gateway anyway, the user will see it's from an unknown source, then will have to double click the file, click OK to the big warning that pops up saying the file is from an untrusted source and may be malicious, then run it. Try as you may exploiters, but people are smarter than that.
    Loverock Davidson
    • dadhog said "no they're not"

      Reminds me of about 10 years ago when I was working for an engineering firm and NO ONE was running anti-virus. The owner wasn't going to pay for it. So I had a copy of McAfee or something and put it on my box.

      Well one day one of the sales guys gets an Excel attachment from someone he doesn't know, so what does he do? You guessed it - he opened it up.

      It went across our network like wildfire. I was the only one who got a message and did not get infected.

      I spent the next two days cleaning machines & installing antivirus software.
      t0mmyt@...
    • Got two words for you:

      "Home Users".

      'Nuff said.
      ejhonda
    • Don't underestimate a person's ability to get into trouble.

      We provide and require frequent training on identifying and handling suspicious emails and safe practices for electronic data in general. We emphasize not following embedded links and not opening attachments in email messages that are not expected. In my network security seat I have received messages from personnel letting me know that the links in the attached message do not actually go to the site described in the email or that the attachment will not open or will not open correctly when they attempt to see what it contains. After I contact them they typically tell me that they knew what not to do, afterwards, but were *not thinking* when they started clicking on links and/or attachments.

      Regardless of the training, policies, and good intentions, it only takes one individual absently opening a link or attachment that contains a zero day to compromise a network.
      For the most part no one blatantly ignores safe practices, but once you commit to an action the computer will dutifully follow your command. The human factor is and will remain the weak link in any security architecture. You can secure your perimeter from bad guys coming in, but if I open the door from the inside all that hardware just turned into an expensive (and inefficient) space heater.
      NetSecKC
    • People are smarter than that?

      Really? Maybe if you had qualified your statement with "some" or even "most" you'd have a point. No, people are not smarter than that. People do things without thinking many times every single day. People run red lights. People drive too fast in the rain or snow. People fall for telemarketing scams. Individuals have the capacity to be smart and do all the right things at all the right times. People on the other hand are stupid and prone to finding every possible way of breaking a product or process. People are smarter than that...that's a good one.
      jasonp@...
  • RE: Brand spanking new Excel 0-day being exploited in the wild

    No, they're not...
    dadhog
  • RE: Brand spanking new Excel 0-day being exploited in the wild

    Great !!! thanks for sharing this information to us!
    birumut