eBay halts auction of Excel flaw

An online auction of a "brand new vulnerability" in Microsoft Excel had reached about $60 when eBay pulled the item late Thursday.

A seller using the name "fearwall" started the auction Wednesday evening at 1 cent. It was up to $56 on Thursday afternoon with 21 bids placed, and eBay quashed the auction soon after that.

The online auctioneer removed the item because it contravened its guidelines, eBay spokeswoman Catherine England said Friday. "The listing was pulled for violating our policy against encouraging illegal activity," she said in an e-mailed statement.

Microsoft is aware of the reported flaw and has been working with eBay on the matter, a company representative said in a statement. "This possible vulnerability was being auctioned on eBay, but has now been removed," the representative said.

According to the description of the item on eBay, the vulnerability was discovered on Dec. 6 and all the details were submitted to Microsoft. The flaw lies in the way Excel validates data when handling documents and exploiting it will compromise a user's PC, according to the now-removed eBay post.

Microsoft is not aware of any attacks that attempt to use the reported vulnerability, the software maker said. The company will continue to investigate the issue and may provide a fix as part of its monthly patching process or issue a security advisory, the Microsoft representative said.

The eBay seller even had a special offer for Microsoft employees: a 10 percent discount. "To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout," the now-removed post said.

[n3td3v]

THE MIRROR IS HERE

http://heapoverflow.com/ebay_joke.htm

[n3td3v]

Talking to vendor via eBay

This has been going on for a while, its just that this has been picked up by people, this time round. Theres been causes where a 0-day has been sold to script kids. The vendor never found out about it. I guess this is different, as the offer was talking to the vendor, as well as the wider web.

[Anonymous1234567890]

The big picture

There is something seriously wrong with software when the calculation of maths can render your PC vulnerable. Seriously. Microsoft's work is a joke. This is NOT meant to be an anti-Microsoft post, but this fact can't be sugar-coated: why should editing an Excel document have ANYTHING to do with affecting your PC's general operation? It's insane. Literally.

[rcrusoe]

Why buy the cow?

Now if someone came up with an exploit for an IBM iSeries (AS400) THAT might be worth something. As far as I know that platform has never been hacked (other than by "social engineering").

As of last week my McAfee antivirus had over 160,000 Windows virus definitions. Windows security is the ultimate example of an oxymoron.

You can't "swing a dead cat" on the internet without finding a way to break into Windows computers - for free.