CISA warns of a nasty flaw abusing Excel
Share- Nishadil
- January 04, 2024
- 0 Comments
- 1 minutes read
- 21 Views

The US Government's Cybersecurity and Infrastructure Agency (CISA) is warning of a major vulnerability in an open source Perl library that reads Excel files. In a security advisory published earlier this week, CISA said that there is a major bug in the library called Spreadsheet::ParseExcel. The bug, now tracked as CVE 2023 7101, is described as a remote code execution (RCE) flaw, meaning it could be used by threat actors to deploy and run different malware, including ransomware .
It was stated that US Government agencies have until January 23 to address the flaw. It can be fixed by updating the library to versions newer than 0.65. “Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string type “eval.” Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic," CISA said of the flaw.
CISA was not the first to discover the RCE flaw. The email protection and network security firm Barracuda recently discovered it, after observing Chinese hackers abusing it to target its Email Security Gateway instances. Within ESG, the library was used by the Amavis virus scanner. By crafting a custom Excel attachment, the attackers would able to exploit the flaw and run pretty much any code on the vulnerable device, unabated.
Barracuda, together with Mandiant, attributed the attack to UNC4841, claiming the Chinese were using the flaw to drop SEASPY and SALTWATER malware. On December 22, 2023, Barracuda deployed a patch to remediate compromised ESG appliances which exhibited indicators of compromise related to the newly identified malware variants,” the company said in an announcement.
Barracuda concluded that no action is required from the user's side and added that its investigation into the matter is ongoing. While Barracuda addressed the issue within its own ecosystem, the company stressed that the open source library remains vulnerable. “For organizations utilizing Spreadsheet::ParseExcel in their own products or services, we recommend reviewing CVE 2023 7101 and promptly taking necessary remediation measures,” it concluded.
Via BleepingComputer.
Disclaimer: This article was generated in part using artificial intelligence and may contain errors or omissions. The content is provided for informational purposes only and does not constitute professional advice. We makes no representations or warranties regarding its accuracy, completeness, or reliability. Readers are advised to verify the information independently before relying on