As part of its monthly patch cycle, Microsoft on Tuesday released fixes for six security holes in Office and one flaw in Windows. Five of the six vulnerabilities in Office are specific to Excel. The most serious flaws could allow an attacker to gain control over a vulnerable PC running the spreadsheet program, Microsoft said in Security Bulletin MS06-012. In all cases, the miscreant would have to persuade the user to open a malformed Excel file, the software maker said. The sixth problem affects a range of Office applications, including some versions of Word, Outlook & PowerPoint. Microsoft’s second update deals with an operating system issue that affects Windows XP with Service Pack 1 and Windows Server 2003.
Microsoft Fixes Office, Windows Flaws
2006-03-14 Microsoft 4 Comments
Ahem, if you can get them to open up random Excel files I bet you can get them to run random batch files too…
Anyway, good they fix it, but seriously, this is newsworthy?
any comment on whether OpenOffice’s excel import filter is vulnerable?