Skip to main content
MSRC

Open XML

More information about the new Excel vulnerability

Tuesday, February 24, 2009

This morning, we posted Security Advisory 968272 notifying of a new Excel binary file format vulnerability being exploited in targeted attacks. We wanted to share more information about the vulnerability to help you assess risk and protect your environment. Office 2007 being targeted The current attacks we have seen target users of Office 2007 running an earlier version of Windows (Windows 2000, XP, 2003).

MS08-043 : How to prevent this information disclosure vulnerability

Tuesday, August 12, 2008

In this month’s update for Excel we addressed an interesting CVE (CVE-2008-3003) – the first vulnerability to affect the new Open XML file format (but it doesn’t result in code execution). This is an information disclosure vulnerability that can arise when a user makes a data connection from Excel to a remote data source and checks a checkbox to have Excel NOT save the password used in that connection to the file.