Home / mailingsPDF  

WSLabs, Informational Alert: Websense Discovers Microsoft Excel High-risk Zero-day Vulnerability - Patch Released

Posted on 11 March 2008
Websense Security Lab

Websense(R) Security Labs(TM) has discovered a high-risk zero-day vulnerability (MS08-014) within the widely-used Microsoft Office Excel.

This vulnerability, discovered by Websense in November 2007, requires minimal user interaction. Exploit code can be embedded within Microsoft Excel files and launched upon opening an excel document. This could be launched over email, through a website or another less common method. Upon discovery Websense responsibly disclosed this important vulnerability to Microsoft and has since been patched. (http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx)

Due to the fact that several targeted attacks have used Microsoft Office vulnerabilities in the past we recommend that users patch machines.

Websense ThreatSeeker(TM) technology is actively searching for in-the-wild exploits and Websense will automatically protect customers upon discovery.

Note: Microsoft Excel 2002 and earlier versions are affected.

To show how this vulnerability could potentially be used in the wild we'e created a video, with a proof of concept exploit on a Windows XP machine running an unpatched version of excel. In this demo, the user receives an exploited Excel file via email. The user manually opens it, and is automatically exploited.

For the purpose of visualization, our exploit executes Solitaire, but obviously a malicious exploit could execute arbitrary code.

Proof of concept video: http://www.websense.com/securitylabs/images/alerts/ms08-014.mov

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=846

 

TOP