Office users beware, another vulnerability
has been discovered in Microsoft Excel. Affecting many versions of Excel, including 2000, 2002 and 2003, the flaw stems from a problem in the way Excel handles repairing a document containing long styles. It could result in memory corruption, which could ultimately lead to arbitrary code execution. Like the majority of Office flaws, it requires some user intervention:
"In order for this attack to be carried out, a user must first open a malicious Excel document that is sent as an e-mail attachment or otherwise provided to them by an attacker," the spokesman said in an e-mail. "Opening the Excel document out of e-mail will prompt the user to be careful about opening the attachment."
While the flaw could result in system damage, a careful user shouldn't have to worry. In office settings in which documents are routinely emailed, however, extra precaution is advised. No word yet from Microsoft about when a patch can be expected.