: They have even assigned a CVE entry for this: : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-4131 : : Some interesting references with a screenshot included too.
Microsoft has verified the bug is legitimate though: http://www.eweek.com/article2/0,1759,1899697,00.asp?kc=EWRSS03129TX1K0000614 heBay Pulls Bidding for MS Excel Vulnerability By Ryan Naraine December 9, 2005 Whats the retail value of a security vulnerability in Microsoft Corp.s Excel spreadsheet program? At last check: $53 and counting. An unknown security researcher chose a novel way to issue a warning for a code execution flaw in Excelposting it for sale on eBay. But the auction was pulled late Thursday after discussions between Microsoft and eBay Inc. When the auction was squashed, the bidding had reached $53 and had attracted 19 offers. A spokeswoman for Microsoft confirmed that the eBay listing was indeed a legitimate security flaw in Excel. [..] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
