IT shops that manage systems running Microsoft Excel and Adobe Systems Inc.'s Macromedia Flash Player should take precautions against new, critical security holes in those programs, the French Security Incident Response Team (FrSIRT) warned Thursday. Attackers could exploit the flaws to take control of affected machines and launch malicious commands.
In its advisory on the Excel flaw, FrSIRT said the problem is a memory corruption error that appears "when handling or repairing a document with overly long styles." Attackers could exploit this "to execute arbitrary commands by convincing a user to open and repair a specially crafted Excel file," the firm added.
Unlike other recent Excel/Office flaws, this issue only affects Asian language (Japanese, Korean, and Chinese) versions of the product, FrSIRT said. Specifically, the problem affects Excel 2000, 2002, 2003; and Office 2000, XP and 2003.
Tuesday, Microsoft plans to patch security holes in Excel and Office. The fix is expected to address newer flaws that surfaced in the last month, including a zero-day flaw that has been actively exploited.
In its advisory on the Macromedia Flash Player flaw, FrSIRT outlined two problems:
The flaws affect Macromedia Flash Player 184.108.40.206 and prior versions. The solution is to upgrade to Flash Player version 220.127.116.11.