Results 1 to 9 of 9

Thread: Excel vulnerability posted on eBay

  1. 10-12-2005, 07:23 PM #1
    Steve
    Steve is offline
    HEXUS webmaster Steve's Avatar
    Join Date
    Nov 2003
    Posts
    14,283
    Thanks
    293
    Thanked
    841 times in 476 posts

    Excel vulnerability posted on eBay

    An auction in which disclosure of a vulnerability in Microsoft's Excel spreadsheet software was being sold has been pulled by eBay, following a complaint by Microsoft. It's not unusual for somebody to disclose details of a vulnerabilty, but selling that information on eBay is a new one.
    The vulnerability, which could allow a malicious programmer to create an Excel file that could take control of a Windows computer when opened, appears to be real. Members of the Microsoft Security Response Center (MSRC) are investigating the vulnerability report, a spokesperson for the software giant said Thursday night. eBay pulled the auction after Microsoft complained to the company's Trust and Safety Team, said Catherine England, spokeswoman for the online auctioneer.
    [Security Focus]
    PHP Code:
    $s = new signature();
    $s->sarcasm()->intellect()->font('Courier New')->display(); 
    Reply With Quote Reply With Quote
  2. 10-12-2005, 08:31 PM #2
    TheAnimus
    TheAnimus is offline
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    The morals of some people, not to mention i fail to see how it could compromise a machine? I'm guessing its program injection, as such it should be strickly a user mode problem. Yet if its all versions of office effected one that could spread like wildfire (everyone trusts .xls .doc).

    However it could just be a vb script macro.
    throw new ArgumentException (String, String, Exception)
    Reply With Quote Reply With Quote
  3. 10-12-2005, 10:26 PM #3
    XA04
    XA04 is offline
    Senior Member
    Join Date
    Aug 2004
    Location
    W Yorkshire
    Posts
    5,691
    Thanks
    85
    Thanked
    15 times in 13 posts
    • XA04's system
      • Motherboard:
      • MSI X570-A Pro
      • CPU:
      • AMD Ryzen 5 3600
      • Memory:
      • Corsair 2x 8gb DDR 4 3200
      • Storage:
      • 1TB Serpent M.2 SSD & 4TB HDD
      • Graphics card(s):
      • Palit RTX 2060
      • PSU:
      • Antec Truepower 650W
      • Case:
      • Fractcal Meshify C
      • Operating System:
      • Windows 10
      • Monitor(s):
      • iiyama 34" Curved UWQHD
      • Internet:
      • Virgin 100mb Fibre
    I'm guessing it would be some sort of macro, as if it was any other sort of vulnerbility it wouldn't be worth fussing about tbh.
    Reply With Quote Reply With Quote
  4. 10-12-2005, 11:42 PM #4
    RedPutty
    RedPutty is offline
    Senile Member
    Join Date
    Dec 2003
    Posts
    442
    Thanks
    3
    Thanked
    0 times in 0 posts
    It would be worse if it wasn't a macro and was something you couldn't switch off e.g a very long value in a cell causing a buffer overflow.
    Reply With Quote Reply With Quote
  5. 11-12-2005, 02:54 PM #5
    poolking
    poolking is offline
    Senior Member
    Join Date
    Jul 2003
    Posts
    413
    Thanks
    0
    Thanked
    0 times in 0 posts
    Since this was posted the auction has been removed.
    Bored of the old one, new one coming soon
    Reply With Quote Reply With Quote
  6. 11-12-2005, 03:09 PM #6
    UKMuFFiN
    Guest
    this is the MSRC! Step away from the keyboard!
    Reply With Quote Reply With Quote
  7. 12-12-2005, 12:59 AM #7
    TheAnimus
    TheAnimus is offline
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    Quote Originally Posted by XA04
    I'm guessing it would be some sort of macro, as if it was any other sort of vulnerbility it wouldn't be worth fussing about tbh.
    Any (compitent) network admin has untrusted scripting macro's disabled.

    The thing is information about security holes shouldn't be sold on ebay, its not as if MS don't give dosh for people keeping their mouth shut.
    throw new ArgumentException (String, String, Exception)
    Reply With Quote Reply With Quote
  8. 12-12-2005, 01:54 AM #8
    riojin
    riojin is offline
    Registered User
    Join Date
    Aug 2005
    Location
    Illawarra NSW
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts
    if i was running ebay id let this one slide. make microsoft pay for the infomation so they can fix their product
    Reply With Quote Reply With Quote
  9. 12-12-2005, 02:20 PM #9
    TheAnimus
    TheAnimus is offline
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,168
    Thanks
    803
    Thanked
    2,152 times in 1,408 posts
    no because it amounts to blackmale, what is there stopping me posting a vunerability about your computer on ebay? Make you outbit everyone who wants to get access?
    throw new ArgumentException (String, String, Exception)
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Ebay Feedback - failing system
    By ikonia in forum General Discussion
    Replies: 9
    Last Post: 26-07-2005, 01:12 PM
  2. eBay Phishers, ever caught one out?...I just did...
    By MD in forum General Discussion
    Replies: 19
    Last Post: 01-07-2005, 07:57 PM
  3. Another Ebay Scam
    By DeludedGuy in forum General Discussion
    Replies: 6
    Last Post: 01-02-2005, 01:52 PM
  4. Dodgy ebay email?
    By wedge22 in forum Software
    Replies: 7
    Last Post: 24-12-2004, 01:03 PM
  5. eBay email scam
    By Stringent in forum General Discussion
    Replies: 2
    Last Post: 05-12-2004, 08:41 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules