Skip to content
View in the app

A better way to browse. Learn more.

Thailand News and Discussion Forum | ASEANNOW

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

An Excel Exploit Discovered

Featured Replies

Another Excel 2003 file format exploit discovered in the wild

A new and reportedly dangerous exploit has been discovered already in the wild, and this time it affects users of Excel with the older file format.

Security firm Secunia today is classifying as extremely critical an exploit involving versions of Excel 2003 prior to Service Pack 2. Though Microsoft released a security advisory on the problem this morning, there are no available details as to the nature of the exploit.

However, it would appear its discovery -- unusually for the present day -- was on account of the exploit already having been released in the wild this time, for a true "zero-day" affair.

According to a Microsoft security advisory released yesterday, public reports alerted the company to the vulnerability. It's advising customers once again not to open Excel 2003 documents from an untrusted source, or to use a tool called the Isolated Compatibility Environment (MOICE), part of the Office Compatibility Pack, to convert files into the new Office Open XML format. Through the Compatibility Pack, the converted files would still be accessible through Excel 2003, according to a Microsoft Knowledgebase article published last May.

Back in June 2006, Microsoft reported a critical vulnerability caused by Excel 2003 files, which it said at that time could trigger remote code execution. This week's vulnerability was described with somewhat less detail: Apparently a maliciously crafted Excel file can elevate the privileges of limited accounts. Usually that can result in the capability of running code remotely, though Microsoft did not specify that explicitly, which could mean that this week's vulnerability may invoke the trigger but may not carry a malicious payload.

Source

Thanks for the advice...i need to go to sleep now.......

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.