Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-1999.158 -- Microsoft Security Bulletin (MS99-044) Patch Available for "Excel SYLK" Vulnerability 21 October 1999 =========================================================================== Microsoft Corporation has released the following security bulletin concerning two vulnerabilities in the secure handling of macros by MS Excel 97 and Excel 2000. The primary vulnerability is the "Excel SYLK" vulnerability which allows macros to execute, bypassing the macro warning mechanism provided by Excel, if such macros are stored in "Symbolic Link" (SYLK) format files. (Please Note: Symbolic Link (SYLK) format refers to an ASCII-based text file storage format used for the sharing of documents between applications with no other higher-level file exchange format. They and have nothing to do with UNIX Symbolic links (symlinks)) The secondary vulnerability exists in the way that Excel 97 handles macros embedded in documents imported from third-party products like Quatro Pro and Lotus 1-2-3. Excel 97 runs macros stored in some third party documents without warning the user when the document is opened. The vulnerability does not appear to exist in Excel 2000 and does not represent a vulnerability in Quatro Pro nor Lotus 1-2-3. It refers only to Excel 97's handling of embedded macros in documents imported from third-party products. These vulnerabilities may allow a remote user to execute any user command on a system where an Excel document with a malicious macro is opened. Macro commands executed may include creating, deleting or modifying data files, reformatting the hard drive, or copying data to or from a web site. Microsoft have issued a patch with corrects both vulnerabilities: http://www.microsoft.com/security/bulletins/MS99-044.asp =========================================================================== This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document referenced above, AusCERT has had no control over its content. The decision to use any or all of this information is the responsibility of each user or organisation, and should be done so in accordance with site policies and procedures. If you have any questions or need further information, please contact Microsoft Corporation directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/Information/advisories.html If you believe that your system has been compromised, contact AusCERT or your representative in FIRST (Forum of Incident Response and Security Teams). Internet Email: firstname.lastname@example.org Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for emergencies. -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key iQCVAwUBOBBw/ih9+71yA2DNAQEm/wQAm+A3hVeen+TSfIL9N2cODqCJLurDOp+0 2ybfyKGd6PuHKzzmMT3tllyH9U6VQup4Ie5hSV7V/XCWH4R4a0bvDejit9N10e1U MGXDfIvdPJJAcDlpCH2FmMYrc+z4sHXHwzN2ybsH5+SkElL0zb+BP6XXNT190BV9 T+pDyER35EY= =PG3Z -----END PGP SIGNATURE-----