Published:
20 October 1999
Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-1999.158 -- Microsoft Security Bulletin (MS99-044)
Patch Available for "Excel SYLK" Vulnerability
21 October 1999
===========================================================================
Microsoft Corporation has released the following security bulletin
concerning two vulnerabilities in the secure handling of macros by MS Excel
97 and Excel 2000. The primary vulnerability is the "Excel SYLK"
vulnerability which allows macros to execute, bypassing the macro warning
mechanism provided by Excel, if such macros are stored in "Symbolic Link"
(SYLK) format files.
(Please Note: Symbolic Link (SYLK) format refers to an ASCII-based text file
storage format used for the sharing of documents between applications with
no other higher-level file exchange format. They and have nothing to do
with UNIX Symbolic links (symlinks))
The secondary vulnerability exists in the way that Excel 97 handles macros
embedded in documents imported from third-party products like Quatro Pro and
Lotus 1-2-3. Excel 97 runs macros stored in some third party documents
without warning the user when the document is opened. The vulnerability
does not appear to exist in Excel 2000 and does not represent a vulnerability
in Quatro Pro nor Lotus 1-2-3. It refers only to Excel 97's handling of
embedded macros in documents imported from third-party products.
These vulnerabilities may allow a remote user to execute any user
command on a system where an Excel document with a malicious macro is
opened. Macro commands executed may include creating, deleting or modifying
data files, reformatting the hard drive, or copying data to or from a web
site.
Microsoft have issued a patch with corrects both vulnerabilities:
http://www.microsoft.com/security/bulletins/MS99-044.asp
===========================================================================
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document referenced above, AusCERT has
had no control over its content. The decision to use any or all
of this information is the responsibility of each user or organisation,
and should be done so in accordance with site policies and procedures.
If you have any questions or need further information, please contact
Microsoft Corporation directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/Information/advisories.html
If you believe that your system has been compromised, contact AusCERT or
your representative in FIRST (Forum of Incident Response and Security
Teams).
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for emergencies.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
Comment: ftp://ftp.auscert.org.au/pub/auscert/AUSCERT_PGP.key
iQCVAwUBOBBw/ih9+71yA2DNAQEm/wQAm+A3hVeen+TSfIL9N2cODqCJLurDOp+0
2ybfyKGd6PuHKzzmMT3tllyH9U6VQup4Ie5hSV7V/XCWH4R4a0bvDejit9N10e1U
MGXDfIvdPJJAcDlpCH2FmMYrc+z4sHXHwzN2ybsH5+SkElL0zb+BP6XXNT190BV9
T+pDyER35EY=
=PG3Z
-----END PGP SIGNATURE-----