Title: Microsoft Russian New Year CALL Vulnerability
Severity: INFO
Description:
The CALL function within a Microsoft Excel worksheet calls procedures from dynamic link libraries (DLLs) that are external to a worksheet. The CALL function can be used in macros or as a worksheet function. Normally Excel warns users before running a macro. However no such warning appears before a worksheet function is calculated. This allows a malicious Excel file to call external procedures in a DDL without the user's knowledge.
This vulnerability is made worst by the fact that many common web browsers open links to Office documents automaticly without asking the user. Browser with this behaviour include MIcrosoft IE and Netscape 3.x and 4.x. Netscape 3.5 and later do not exhibit this behaviour.
Affected Products:
- Microsoft Excel 95 0.0.0
- Microsoft Excel 97 0.0.0
- Microsoft Office 97 0.0.0
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
