MS's Excel-lent security has a story up about a security vulnerability in Excel 2000. The exploit involves Excel documents being able to execute DLL code when they're opened; thus the hacker would first need to get a malicious DLL onto the system, then get the user to open an Excel file that will execute that DLL's code.

If you think the chances of a naughty DLL file finding its way onto your machine are pretty slim, think again. According to analysts quoted in the article, "[t]here are several previous security vulnerabilities that allow a malicious user to download a file to a victim's computer. . . ." The DLL code could even be accessed over the Internet in some cases.

I'm sure that Microsoft is just thrilled with Georgi Guninski, the guy who found the bug. Last month, he found two other bugs in Microsoft products, including Excel, Powerpoint and Outlook. This guy is just an exploit-finding machine.

Tip: You can use the A/Z keys to walk threads.
View options

No comments in this discussion yet.