Auction site eBay has stopped an auction by a seller trying to hawk information about an alleged software exploit in Microsoft's Excel program.
The flaw is supposedly so severe that it lets hackers remotely control a computer that has Excel installed.
EBay noted that the listing was reviewed immediately after being put online, and pulled shortly after.
Although the seller is not breaking the law, the listing did violate one of the site's policies, which states that nothing will be sold that promotes illegal activity.
Not for Sale
The listing stated that the vulnerability was discovered on December 6, and that details of the flaw had already been submitted to Microsoft but that the software company had not yet issued a patch.
The seller wrote that the flaw was available at the low starting price of one penny, with an aside that the price should be considered "a fair value estimation for any Microsoft product."
According to the listing, the winning bidder would have received two Excel documents, with one modified to demonstrate the vulnerability. The seller did note, "It is up to you what to do with it, but you may not use it for malicious purposes."
"EBay did the right thing in taking it down so quickly," said Graham Cluley, senior technology consultant at Sophos. "Even if it's not legitimate, it's certainly not funny to see flaws up for sale."
Humor Less
Although it is possible that the flaw exists, and that the seller did report it properly to Microsoft, it is far more likely that the listing was a joke, said Cluley.
"It's hard to know if there's actually a real flaw, because it was taken down," he said. "But it's probably someone either trying to get attention or who needs a busier social life."
In general, Cluley does not think that this attempted eBay sale will represent the birth of a trend, given how the hacker community operates.
"You can usually pick up your flaws for free," he noted. "There are mailing lists where people give examples of code and discuss flaws."