Unified threat management (UTM) solutions specialist Fortinet has announced a critical vulnerability in Microsoft Excel.
The vulnerability discovered by Fortinet’s security research team allows attackers to take over the affected system by using an .xls file sent through e-mail or uploaded to a controlled Web site.
When user opens the .xls file with the Microsoft Internet Explorer, the browser automatically calls Microsoft Excel to open the .xls file. Fortinet said that if specially crafted, this can cause Excel to crash and allow the attacker to execute arbitrary code.
This vulnerability is due to Microsoft Excel's manipulation of specific opcode and affects users of the following software:
Microsoft Office 2000 Service Pack 3 - Microsoft Excel 2000
Microsoft Office XP Service Pack 3 - Microsoft Excel 2002
Microsoft Office 2003 Service Pack 2 - Microsoft Excel 2003/ Microsoft Office Excel Viewer 2003
Microsoft Works Suites - Microsoft Works Suite 2004 / 2005 (same as the Microsoft Excel 2002 update)
Microsoft Office 2004 for Mac
Microsoft Office v. X for Mac
The non-affected software include:
2007 Microsoft Office system - Microsoft Office Excel 2007
Microsoft Works Suites - Microsoft Works Suite 2006
Fortinet has advised MS Office users to immediately apply the update provided by Microsoft and not open Microsoft Office Excel files from non-trusted source.
Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.
Updated Date: Dec 23, 2014 18:53:48 IST