Trojan Attacks Microsoft Office Excel Errors

Altogether, the vulnerabilities can be found in Microsoft Office Excel 2003 Service Pack 2, Microsoft Office Excel Viewer 2003, Office Excel 2002, Office Excel 2000 and Excel 2004 for Mac. However, the vulnerability doesn't affect customers using Office Excel 2007 or Excel 2008 for Mac, or users who have installed Office Excel 2003 Service Pack 3.

The Trojan is circulating through e-mail messages containing attached Excel files, which include known names such as OLYMPIC.XLS and SCHEDULE.XLS, according to the U.S. CERT warning. In addition, CERT warned that the files may also contain Windows binary executables, which have the potential to compromise an affected system.

A Microsoft security advisory warned that exploitation could occur after a user opened a specially crafted Excel file containing malformed header information, corrupting the system memories in a way that could leave the machine vulnerable to remote execution of arbitrary code. A successful exploit would then require a user to open an attachment sent in an e-mail message, which would allow the attacker to gain the same access privileges as the local user, according to the advisory.

In a Web-based scenario, an attacker who successfully exploited the Excel vulnerabilities would have to entice users to visit a malicious Web site, presumably through an infected link.

Yet despite the critical nature of the exploits, security experts say that so far the vulnerabilities have only been used in targeted attacks, primarily relegated to government contractors and those involved with espionage. Researchers at the SANS Institute said in a security posting that the attacks have not been widespread, noting that only 21 reports of attacks using eight different files from within the same two communities have thus far been reported.

"If you take a look at the list of top threats, it's barely even on there," Craig Schmugar, threat research manager for McAfee Avert Labs. "It's really the targeted attack, anyone who has highly confidential information."

The U.S. CERT advises users to exercise caution when opening e-mail attachments and to avoid opening unsolicited or untrusted e-mail messages. In addition, U.S. CERT recommended that users block executable files, enable firewalls, install antivirus software and keep virus signature files up-to-date.

Microsoft said that the company is currently investigating the vulnerability. While so far no workarounds exist, security experts maintain that the vulnerability is addressed in today's batch of "Patch Tuesday" updates.

"It's still pretty low scale," said Schmugar. "At this point, it's not the type of threat where any script kiddie could download sample code and create their own exploit, or reverse engineer it."