The Microsoft eBay crackdown continues. First it was illegal Microsoft software being sold; now the two companies are targeting an auction in which the highest bidder would have won information on how to exploit an alleged flaw in Microsoft’s Excel spreadsheet application.
"The listing was immediately reviewed and pulled from the site for violating our policy against promoting illegal activity - hacking", Catherine England, spokeswoman for the online auctioneer said in an email to SecurityFocus, a source of security information on the Internet.
If the sale had gone ahead, one lucky Cracker could have looked forward to being able to remotely take control of a Windows based PC if the owner of the program opens a specific spreadsheet. The listing stated the following:
"Up for sale is one (1) brand new vulnerability in the Microsoft Excel application. The vulnerability was discovered on December 6th 2005, all the details were submitted to Microsoft, and the reply was received indicating that they may start working on it. It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product)".