Rigged Excel documents making the rounds

Rigged Excel documents making the rounds

Bug affects Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2002, Excel 2000, and Excel 2004 for Mac

Security experts have warned that malicious Microsoft Excel documents are making the rounds via email, exploiting an unpatched Excel vulnerability that has been known publicly since January.

The attacks come as Microsoft prepares to release several critical patches affecting every supported version of Office. The patches are believed to include a fix for the Excel bug.

Security organization US-CERT issued a warning this week on a Trojan exploiting the Excel bug.

"This Trojan is circulating through email messages that contain attached Excel files," US-CERT said in an advisory. "Known file names for these attachments are OLYMPIC.XLS and SCHEDULE.XLS. These files may also contain Windows binary executables that can compromise an affected system."

Maarten Van Horenbeeck, handler with the SANS Institute's Internet Storm Center (ISC), confirmed the attacks and said SANS had been tracking several exploits over the last few days.

"It should be noted that the incidents we are aware of have been limited to a very specific targeted attack and were not widespread," Horenbeeck said in an advisory. "In total, we established approximately 21 reports of attacks using only 8 different files, from within the same two communities, so far."

Some of the sample Trojans connect back to a server to retrieve the IP address of the control server, Horenbeeck said.

Microsoft first acknowledged the unpatched bug in January, in Security Advisory 947563.

The bug affects Excel 2003 Service Pack 2, Excel Viewer 2003, Excel 2002, Excel 2000, and Excel 2004 for Mac, Microsoft said. Successful attacks give the attacker the same rights as the local user.

This week Microsoft plans to ship four "critical" security fixes. The number of security bulletins Microsoft plans to issue is substantially below last month's 11 but the Office-only nature of the updates is unusual.

Of the planned patches, one appears to be for an Excel file format flaw and a second also relates to the spreadsheet application, while the third deals with a bug in Office Web Components -- controls that let users publish spreadsheets, charts and databases to the web, then view that content once it's published.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


ARN Innovation Awards 2022

Innovation Awards is the market-leading awards program for celebrating ecosystem innovation and excellence across the technology sector in Australia.

EDGE 2022

EDGE is the leading technology conference for business leaders in Australia and New Zealand, built on the foundations of collaboration, education and advancement.

Show Comments