Microsoft Excel XML Vulnerability
BID:1087
Info
Microsoft Excel XML Vulnerability
| Bugtraq ID: | 1087 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 03 2000 12:00AM |
| Updated: | Apr 03 2000 12:00AM |
| Credit: | Discovered by Darryl Higa and publicized in Microsoft Security Bulletin (MS00-022) on April 3, 2000. |
| Vulnerable: |
Microsoft Excel 97 Microsoft Excel 2000 |
| Not Vulnerable: | |
Discussion
Microsoft Excel XML Vulnerability
Under normal circumstances, Microsoft Excel produces a warning dialogue when a user attempts to open a macro file that resides outside of the spreadsheet that is currently in use. The dialog box will not appear if the user opens a macro file consisting of Excel 4.0 Macro Language (XML) in an external text file. Even if a user were to have chosen the option of 'High Security' in Excel, they would still be affected by this vulnerability. It is not possible to exploit this vulnerability in such a way that it would self launch.
Under normal circumstances, Microsoft Excel produces a warning dialogue when a user attempts to open a macro file that resides outside of the spreadsheet that is currently in use. The dialog box will not appear if the user opens a macro file consisting of Excel 4.0 Macro Language (XML) in an external text file. Even if a user were to have chosen the option of 'High Security' in Excel, they would still be affected by this vulnerability. It is not possible to exploit this vulnerability in such a way that it would self launch.
Exploit / POC
Microsoft Excel XML Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].