Yet another software security problem has been reported. As of the time it was reported, there was no fix from the manufacturer. The software manufacturer in this case turns out to be Microsoft.
Don’t get the impression that just because Microsoft problems are reported often that Microsoft is the only company with problems. All software is the product of imperfect human intellect, and is…therefore…imperfect. Microsoft just gets the bulk of the press because they sell a lot of software. So when a defect like this finds its way into a Microsoft product, it affects a lot of people.
Here’s a quote from the eWeek article:
Zero-day refers to a flaw for which there is an exploit but no available fix. The Excel vulnerability is Microsoft’s fifth zero-day exploit since December, and part of an increasingly troubling trend.
The zero-day flaw affects Office versions 2000, XP, 2003 and 2004 for the Mac, but not 2007 or Works 2004, 2005 or 2006.
An attacker could exploit the flaw either by enticing a user to click on a file hosted on a Web site or an attachment sent via e-mail. Either exploit would require some end-user interaction.