Results 1 to 9 of 9

Thread: Excel vulnerability posted on eBay

  1. #1
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Location
    Bristol
    Posts
    14,268
    Thanks
    286
    Thanked
    828 times in 468 posts
    • Steve's system
      • CPU:
      • Intel i3-350M 2.27GHz
      • Memory:
      • 8GiB Crucial DDR3
      • Storage:
      • 320GB HDD
      • Graphics card(s):
      • Intel HD3000
      • Operating System:
      • Ubuntu 11.10

    Excel vulnerability posted on eBay

    An auction in which disclosure of a vulnerability in Microsoft's Excel spreadsheet software was being sold has been pulled by eBay, following a complaint by Microsoft. It's not unusual for somebody to disclose details of a vulnerabilty, but selling that information on eBay is a new one.
    The vulnerability, which could allow a malicious programmer to create an Excel file that could take control of a Windows computer when opened, appears to be real. Members of the Microsoft Security Response Center (MSRC) are investigating the vulnerability report, a spokesperson for the software giant said Thursday night. eBay pulled the auction after Microsoft complained to the company's Trust and Safety Team, said Catherine England, spokeswoman for the online auctioneer.
    [Security Focus]
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 

  2. #2
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,147
    Thanks
    798
    Thanked
    2,151 times in 1,407 posts
    The morals of some people, not to mention i fail to see how it could compromise a machine? I'm guessing its program injection, as such it should be strickly a user mode problem. Yet if its all versions of office effected one that could spread like wildfire (everyone trusts .xls .doc).

    However it could just be a vb script macro.
    throw new ArgumentException (String, String, Exception)

  3. #3
    Senior Member
    Join Date
    Aug 2004
    Location
    W Yorkshire
    Posts
    5,668
    Thanks
    85
    Thanked
    13 times in 11 posts
    I'm guessing it would be some sort of macro, as if it was any other sort of vulnerbility it wouldn't be worth fussing about tbh.

  4. #4
    Senile Member
    Join Date
    Dec 2003
    Posts
    442
    Thanks
    3
    Thanked
    0 times in 0 posts
    It would be worse if it wasn't a macro and was something you couldn't switch off e.g a very long value in a cell causing a buffer overflow.

  5. #5
    Senior Member
    Join Date
    Jul 2003
    Posts
    413
    Thanks
    0
    Thanked
    0 times in 0 posts
    Since this was posted the auction has been removed.
    Bored of the old one, new one coming soon

  6. #6
    UKMuFFiN
    Guest
    this is the MSRC! Step away from the keyboard!

  7. #7
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,147
    Thanks
    798
    Thanked
    2,151 times in 1,407 posts
    Quote Originally Posted by XA04
    I'm guessing it would be some sort of macro, as if it was any other sort of vulnerbility it wouldn't be worth fussing about tbh.
    Any (compitent) network admin has untrusted scripting macro's disabled.

    The thing is information about security holes shouldn't be sold on ebay, its not as if MS don't give dosh for people keeping their mouth shut.
    throw new ArgumentException (String, String, Exception)

  8. #8
    Registered User
    Join Date
    Aug 2005
    Location
    Illawarra NSW
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts
    if i was running ebay id let this one slide. make microsoft pay for the infomation so they can fix their product

  9. #9
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,147
    Thanks
    798
    Thanked
    2,151 times in 1,407 posts
    no because it amounts to blackmale, what is there stopping me posting a vunerability about your computer on ebay? Make you outbit everyone who wants to get access?
    throw new ArgumentException (String, String, Exception)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Ebay Feedback - failing system
    By ikonia in forum General Discussion
    Replies: 9
    Last Post: 26-07-2005, 01:12 PM
  2. eBay Phishers, ever caught one out?...I just did...
    By MD in forum General Discussion
    Replies: 19
    Last Post: 01-07-2005, 07:57 PM
  3. Another Ebay Scam
    By DeludedGuy in forum General Discussion
    Replies: 6
    Last Post: 01-02-2005, 01:52 PM
  4. Dodgy ebay email?
    By wedge22 in forum Software
    Replies: 7
    Last Post: 24-12-2004, 01:03 PM
  5. eBay email scam
    By Stringent in forum General Discussion
    Replies: 2
    Last Post: 05-12-2004, 08:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •