Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

February 24th, 2009

Microsoft confirms 0-day in Excel, expands list of vulnerable systems

Posted by Adam O'Donnell @ 10:44 am

Tags: Microsoft Corp., Microsoft Excel, Microsoft Office, Office Suites, Software, Adam O'Donnell

Microsoft has confirmed that the code execution vulnerability reported yesterday in Excel is real, and has expanded the list of vulnerable systems.

Microsoft has stated that the code execution vulnerability discovered by Symantec, now known by CVE number 2009-0238, is legitimate. They have also expanded their list of vulnerable versions to include all fully patched versions of Excel from 2000 onwards.

Microsoft has provided additional recommendations on how to avoid being compromised by the vulnerability until a patch is available, including recommending the use of MOICE to effectively defang any malicious documents as well as avoiding any Excel file that is compatible with Office 2003 or earlier.

Don’t look too smug there, Mac users; Office 2004 and Office 2008 for the Mac are vulnerable, and MOICE is a Windows-only product.

Adam O'Donnell Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco. See his full profile and disclosure of his industry affiliations.

Email Adam O'Donnell

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 7 Talkback(s)

Thread View
Flat View

You're correct...: Single and double quotes seem to post correctly and stay that way for a day or two...then suddenly, they've all turned to question marks. ... (Read the rest); Posted by: MGP2 Posted on: 02/24/09 You are currently: a Guest | Log in | Terms of Use

o-day? James T. Kirk | 02/24/09

Nopes Linux User 147560 | 02/24/09

LOL James T. Kirk | 02/24/09

Actually, it's a font issue MGP2 | 02/24/09

I've noticed kozmcrae | 02/24/09

You're correct... MGP2 | 02/24/09

RE: Microsoft confirms 0-day in Excel, expands list of vulnerable systems phatkat | 02/24/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now

Essential Topics

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+39 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Reducing Server Total Cost of Ownership with VMware Virtualization Software VMware VMware virtualization enables customers to reduce their server TCO and ... Download Now
Unrivaled support from Novell, now available for Red Hat Novell If Linux is going to power your mission-critical applications, you'd ... Download Now
Building the Virtualized Enterprise with VMware Iinfrastructure VMware VMware virtualization software has been adopted by over 120,000 enterprise ... Download Now

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Zero Day

Ryan Naraine and Dancho Danchev

February 24th, 2009

Microsoft confirms 0-day in Excel, expands list of vulnerable systems

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

February 24th, 2009

Microsoft confirms 0-day in Excel, expands list of vulnerable systems

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads