Daily cyber threats and internet security news: network security, online safety and latest security alerts
February 24th, 2009

Microsoft Excel 0-day Code Execution Vulnerability Exploited In The Wild

SecurityFocus reports a new vulnerability in Microsoft Excel. MS Excel 2007 SP1 and SP2 are vulnerable; other versions may also be affected. Excel is prone to an unspecified remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Symantec has observed active in-the-wild exploit attempts and detects this issue as 'Trojan.Mdropper.AC'. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. The Trojan drops the file %Temp%rundll.exe and may then attempt to download more files onto the compromised computer from the following locations:


Failed exploit attempts will result in a denial-of-service condition.

Currently there are no vendor-supplied patches and no known workarounds. As usual, users should not open anything that looks like an Excel document from sources that cannot be fully verified.

Update: Microsoft has confirmed that the code execution vulnerability in Excel is real and has provided recommendations on how to avoid being compromised by it until a patch is available.
