Hacker Tries To Sell Excel Flaw On EBay - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

01:04 PM

Hacker Tries To Sell Excel Flaw On EBay

According to the since-yanked listing, the zero-day vulnerability in Excel had been reported to Microsoft on Dec. 6. "It can be assumed that no patch addressing this vulnerability will be available within the next few months," the seller wrote.

An unknown security researcher tried to sell a vulnerability in Microsoft's Excel spreadsheet program on eBay, but the online auction site pulled the listing late Thursday.

The unusual route to vulnerability profit-taking was squashed by eBay after the listing--offered by someone only identified as "fearwall"--was bid up to just under $60.

According to the since-yanked listing, the zero-day vulnerability in Excel had been reported to Microsoft on Tuesday, Dec. 6. "All the details were submitted to Microsoft, and the reply was received indicating that they may start working on it," wrote the seller. "It can be assumed that no patch addressing this vulnerability will be available within the next few months."

The unpatched vulnerability is in the way that Excel, the popular spreadsheet included in all editions of Microsoft's Office suite, validates the data in some worksheets when it parses files.

"The vulnerability can be exploited to compromise a user's PC," claimed the seller.

He also took several potshots at Microsoft, saying that the opening bid of $.01 was "a fair value estimation for any Microsoft product" and offered a 10 percent discount to any Microsoft employee who mentioned the discount code "LINUXRULZ."

A spokeswoman for Microsoft confirmed that the listing on eBay was for a real bug in Excel. "The Microsoft Security Research Center has not been made aware of any attacks attempting to use the reported vulnerability or customer impact at this time, but [it] will continue to investigate the public reports to help provide additional guidance for customers," she said in an e-mail to TechWeb.

The spokeswoman also said that Microsoft's researchers were investigating the vulnerability, and might (or might not) release either a fix or a security advisory in the future.

"The company is working with eBay to determine the appropriate course of action," she also said.

[Update, Monday, Dec. 12; 12:45 pm: The original article included the phrase "against the seller" after the preceding quote, outside of the quotation marks. That was incorrect; Microsoft is working with eBay to determine a general course of action to protect its customers. ]

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Top-Paying U.S. Cities for Data Scientists and Data Analysts
Cynthia Harvey, Freelance Journalist, InformationWeek,  11/5/2019
10 Strategic Technology Trends for 2020
Jessica Davis, Senior Editor, Enterprise Apps,  11/1/2019
Study Proposes 5 Primary Traits of Innovation Leaders
Joao-Pierre S. Ruth, Senior Writer,  11/8/2019
Register for InformationWeek Newsletters
Current Issue
Getting Started With Emerging Technologies
Looking to help your enterprise IT team ease the stress of putting new/emerging technologies such as AI, machine learning and IoT to work for their organizations? There are a few ways to get off on the right foot. In this report we share some expert advice on how to approach some of these seemingly daunting tech challenges.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll