ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Microsoft confirms 0-day in Excel, expands list of vulnerable systems

By | February 24, 2009, 10:44am PST

Microsoft has confirmed that the code execution vulnerability reported yesterday in Excel is real, and has expanded the list of vulnerable systems.

Microsoft has stated that the code execution vulnerability discovered by Symantec, now known by CVE number 2009-0238, is legitimate. They have also expanded their list of vulnerable versions to include all fully patched versions of Excel from 2000 onwards.

Microsoft has provided additional recommendations on how to avoid being compromised by the vulnerability until a patch is available, including recommending the use of MOICE to effectively defang any malicious documents as well as avoiding any Excel file that is compatible with Office 2003 or earlier.

Don’t look too smug there, Mac users; Office 2004 and Office 2008 for the Mac are vulnerable, and MOICE is a Windows-only product.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Microsoft Corp., Microsoft Excel, Microsoft Office, Office Suites, Software, Adam O'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000.

Disclosure

Adam O'Donnell

Adam J. O’Donnell currently works for Cloudmark, a messaging security company whose clients include the majority of the Tier 1 customer-facing service providers as well as mobile carriers and social networks. He serves on the advisory committee for the SOURCE Security Conference, as well as several conference technical program committees. Many of his close friends work in the security industry, and he will disclose those relationships as he deems it necessary.

Biography

Adam O'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco.

Adam early on mastered the art of writing in complete sentences, using both hands and one foot. Later, he learned to do so with each individually. After fourteen years of apprenticeship in the mist-covered hills of central Nepal, Dr. O'Donnell emerged an unparalleled digital warrior and in desperate need of a anti-fungal wash.

Approaching both life and enterprise security with the verve of a particular capuchin, he is respected the world over as an observer of all he sees. Adam's dry blade of analysis will sever the hard candy shell surrounding most technical security concepts, and significantly goo-ify the remaining so as to be consumable in small bites with sufficiently large servings of digestive aids. Just what the doctor ordered.

8
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Microsoft confirms 0-day in Excel, expands list of vulnerable systems
birumut Updated - 3rd May 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat
View in thread
0 Votes
+ -
o-day?
Hallowed are the Ori 24th Feb 2009
I thought it was 0-day.
0 Votes
+ -
Nopes
Linux User 147560 24th Feb 2009
It's o as in "Oh shyte! Again!?" devil
0 Votes
+ -
LOL
Hallowed are the Ori 24th Feb 2009
Nice.
0 Votes
+ -
Actually, it's a font issue
MGP2 24th Feb 2009
I thought the same thing as you. So, I copied the title into notepad and it shows up as a 0.
0 Votes
+ -
I've noticed
kozmcrae 24th Feb 2009
there are font issues in the comments sections sometimes. Once on Christopher Dawson's blog everything turned bold from a certain point on. It wasn't like that at first either.
0 Votes
+ -
You're correct...
MGP2 24th Feb 2009
Single and double quotes seem to post correctly and stay that way for a day or two...then suddenly, they've all turned to question marks.
0 Votes
+ -
RE: Microsoft confirms 0-day in Excel, expands list of vulnerable systems
phatkat 24th Feb 2009
I wonder will this affect Open Office, Apple Works or other MS Office compatible software.
0 Votes
+ -
RE: Microsoft confirms 0-day in Excel, expands list of vulnerable systems
birumut Updated - 3rd May 2011
Great!!! thanks for sharing this information to us!
seslisohbet seslichat

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix