Multiple security holes in Microsoft's ubiquitous Excel spreadsheet program could put users at risk of PC takeover attacks, the software maker warned in a bulletin released March 14.
As part of its monthly batch of security updates, Microsoft pushed out patches for five code execution vulnerabilities in Excel and a separate bug in its Office desktop productivity suite that could allow an attacker to “take complete control” of a susceptible system.
The MS06-012 bulletin, which carries a “critical” rating, affects users of Office 2000, Office XP, Office 2003, Works Suites, Office X for Mac and Office 2004 for Mac.
Microsoft said the Excel flaws could be targeted by an attacker using a malformed range, a malformed parsing format file, a malformed description, a malformed graphic or a malformed record.
The Microsoft Office vulnerability could be targeted by an attacker using a specially crafted routing slip within an Office document. All the flaws require that the user be tricked into visiting a malicious Web site or opening a document.
Microsoft also released MS06-011, with a comprehensive fix for a privilege-elevation vulnerability first identified by a pair of Princeton University researchers.
The bulletin, which is rated “important,” patches a hole that makes it easy for an attacker to pinpoint privilege escalation vulnerabilities in third-party applications running on Windows.
The patch comes one month after the public release of proof-of-concept code that explained how ACLs (access control lists) used in Windows applications could be exploited.
The code can be used to exploit overly permissive access controls on third-party application services and could also be used to exploit default services of Windows XP Service Pack 1 and Windows Server 2003.
An ACL is a table that tells a computer operating system which access rights each user has to a particular system object. Because of poor coding practices, however, the researchers found that some basic Windows security mechanisms can be bypassed and used in malicious hacker attacks.
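As an added illustration of the overly permissive service ACLs described above (this is not code from the article or from the researchers), the following PowerShell audit lists services whose DACL grants configuration-change or DACL-modification rights to broad, low-privilege groups. The set of "risky" rights and "broad" principals is an assumption of this example, taken from the standard Windows service access-right and well-known SID values; run it from an elevated session.

```powershell
# Added audit example: flag services whose DACL lets broad groups reconfigure
# the service or rewrite its security descriptor. Uses sc.exe sdshow, which
# prints each service's security descriptor in SDDL form.

# Access bits that allow changing a service's configuration or its own ACL.
$RiskyRights = @{
    SERVICE_CHANGE_CONFIG = 0x00000002
    WRITE_DAC             = 0x00040000
    WRITE_OWNER           = 0x00080000
    GENERIC_ALL           = 0x10000000
    GENERIC_WRITE         = 0x40000000
}
$RiskyMask = 0
foreach ($v in $RiskyRights.Values) { $RiskyMask = $RiskyMask -bor $v }

# Well-known SIDs that every ordinary logged-on user belongs to.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

function Get-PermissiveServiceAces {
    foreach ($svc in Get-Service) {
        # sdshow emits a blank line followed by the SDDL string; skip services
        # whose descriptor cannot be read (e.g. insufficient rights).
        $sddl = (& sc.exe sdshow $svc.Name 2>$null |
                 ForEach-Object { $_.Trim() } |
                 Where-Object { $_ -match '^D:' }) -join ''
        if (-not $sddl) { continue }
        $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)
        foreach ($ace in $sd.DiscretionaryAcl) {
            if (-not ($ace -is [System.Security.AccessControl.CommonAce])) { continue }
            if ($ace.AceType -ne 'AccessAllowed') { continue }
            $sid = $ace.SecurityIdentifier.Value
            if ($BroadSids.ContainsKey($sid) -and ($ace.AccessMask -band $RiskyMask)) {
                [pscustomobject]@{
                    Service   = $svc.Name
                    Principal = $BroadSids[$sid]
                    Rights    = ($RiskyRights.Keys |
                                 Where-Object { $ace.AccessMask -band $RiskyRights[$_] }) -join ','
                }
            }
        }
    }
}

Get-PermissiveServiceAces | Format-Table -AutoSize
```

Any service listed should have its DACL tightened (for example with `sc.exe sdset`) so that only administrators and the service account hold these rights.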