eBay has shut an auction set up to sell information on a security hole in Microsofts Excel spreadsheet to the highest bidder.
The bidding is said by third-party sources to have run to $53 from 19 different bidders at the point it was stopped by eBay on advice from Microsoft itself.
Microsoft has since confirmed that the vulnerability was genuine but stressed that it was not aware of any circulating exploits. It is not clear when a patch will be made available.
The posting could be the work of a researcher out to play a prank on the current system for reporting security vulnerabilities.
"It can be assumed that no patch addressing this vulnerability will be available within the next few months. So, since I was unable to find any use for this by-product of Microsoft developers, it is now available for you at the low starting price of $0.01 (a fair value estimation for any Microsoft product)," said the individual who placed the hole in the auction listing.
The unknown researcher also makes reference to his or her open source sympathies.
"Microsoft representatives get 10 percent off the final price. To qualify, you MUST provide @microsoft.com e-mail address and MUST mention discount code LINUXRULZ during checkout," the poster says.
Unconventional it might be, but the principle of paying for security holes is . Verisigns iDefense Labs and, more recently, 3Coms TippingPoint currently pay researchers for vulnerability information, and Mozilla is known to offer a bounty for anyone uncovering security issues in its browser.