Yet another warning for Microsoft Excel users: it seems that a second critical security vulnerability has been discovered in the software. While Microsoft is still busy with the first, another flaw has been revealed that could result in arbitrary code execution, including a potential system compromise that allows remote control. While the article mentions the lack of official confirmation, the alert was issued by Symantec yesterday. Secunia is listing it as highly critical, and it affects a wide range of existing installs:
The security hole exists because Excel fails to properly check user-supplied input before copying it to an insufficiently sized memory buffer, Symantec said. Excel 2003 and Excel XP are vulnerable, and other versions may also be affected, Symantec said.
Considering the millions who use Excel, the potential for widespread infection exists, though most users likely will not have to worry about it. As long as the standard security practices and threat detection systems found in most businesses are in place, and people aren't careless about downloading files, the risk of propagation goes down to almost nil. Still, it can't be an easy week for Microsoft.