IT shops that manage systems running Microsoft Excel and Adobe Systems Inc.'s Macromedia Flash Player should take precautions against new, critical security holes in those programs, the French Security Incident Response Team (FrSIRT) warned Thursday. Attackers could exploit the flaws to take control of affected machines and launch malicious commands.
Unlike other recent Excel/Office flaws, this issue only affects Asian language (Japanese, Korean, and Chinese) versions of the product, FrSIRT said. Specifically, the problem affects Excel 2000, 2002, 2003; and Office 2000, XP and 2003.
Tuesday, Microsoft plans to patch security holes in Excel and Office. The fix is expected to address newer flaws that surfaced in the last month, including a zero-day flaw that has been actively exploited.
In its advisory on the Macromedia Flash Player flaw, FrSIRT outlined two problems:
The flaws affect Macromedia Flash Player 188.8.131.52 and prior versions. The solution is to upgrade to Flash Player version 184.108.40.206.