January 16, 2008 A new exploit based on Microsoft Security Advisory (MSA) 947563 was issued on January 15, 2008 and details a vulnerability that exists in Excel 2003 SP2. The vulnerability also exists in previous versions of Excel, such as Excel 2002 and Excel 2000, where no known workarounds currently exist. Users of Excel 2003 with Microsoft Office Isolated Conversion Environment (MOICE) are not vulnerable to this exploit.

Details of this exploit include the ability to open and run an embedded executable while subsequently injecting code into Outlook Express, then gathering credentials to email accounts and webmail logins. Later, this information is submitted to the perpetrator via email. Delivery of exploit code would require a user to visit a malicious website that presented an infected Excel document for download, or receipt of an email with an infected attachment.

Microsoft reports in their advisory that, as of January 16, 2007, only targeted attacks have attempted to use this vulnerability.

At this time, Microsoft has not committed to providing a patch for this vulnerability. As this targeted attack has passed through many email security gateways, users are advised to not open Excel spreadsheets sent by email.

Click here to return to Threats