eBay halts auction of Excel flaw

Bidding stopped on sale of information about software security hole, which Microsoft says it is investigating.

Joris Evers Staff Writer, CNET News.com

Joris Evers covers security.

Joris Evers

Dec. 9, 2005 11:58 a.m. PT

2 min read

An online auction of a "brand new vulnerability" in Microsoft Excel had reached about $60 when eBay pulled the item late Thursday.

A seller using the name "fearwall" started the auction Wednesday evening at 1 cent. It was up to $56 on Thursday afternoon with 21 bids placed, and eBay quashed the auction soon after that.

The online auctioneer removed the item because it contravened its guidelines, eBay spokeswoman Catherine England said Friday. "The listing was pulled for violating our policy against encouraging illegal activity," she said in an e-mailed statement.

Microsoft is aware of the reported flaw and has been working with eBay on the matter, a company representative said in a statement. "This possible vulnerability was being auctioned on eBay, but has now been removed," the representative said.

According to the description of the item on eBay, the vulnerability was discovered on Dec. 6 and all the details were submitted to Microsoft. The flaw lies in the way Excel validates data when handling documents and exploiting it will compromise a user's PC, according to the now-removed eBay post.

Microsoft is not aware of any attacks that attempt to use the reported vulnerability, the software maker said. The company will continue to investigate the issue and may provide a fix as part of its monthly patching process or issue a security advisory, the Microsoft representative said.

The eBay seller even had a special offer for Microsoft employees: a 10 percent discount. "To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout," the now-removed post said.