Date: Fri, 29 Mar 2024 08:32:02 -0400 (EDT) Message-ID: <1132680403.29.1711715522807@windcrest.sei.cmu.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_28_269150515.1711715522804" ------=_Part_28_269150515.1711715522804 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
A complete revision history can be found at the end of this file.
According to Microsoft, versions of Excel and Powe= rPoint (or indeed, other products in the Office suite) prior to this may be= affected, but may be outside of hotfix support. [For example, Symantec states that Microsoft Excel 97 and Microsoft Powerpoi= nt 97 are vulnerable.] Because Microsoft Excel 97 and Microsoft Powerpoint = 97 are outside of the hotfix support window, these products may be vulnerab= le, but not eligible for a hotfix. For more information regarding hotfix el= igibility status, please see the Microsoft Product Support Services webpage. In= general, Microsoft no longer tests software outside of hotfix status for v= ulnerabilities, and does not provide patches to address vulnerabilities tha= t may be discovered in that software.
Quoting from Microsoft Security Bulletin MS01-050
It's important to understand that Excel and PowerPoint 97 do not have= the same macro security framework as Excel and PowerPoint 2000 and 2002. T= he Excel and PowerPoint 97 macro security framework lacks many key features= that the 2000 and 2002 macro security framework has, including a digital s= ignature trust model that allows trusted, signed macros to be differentiate= d from untrusted, unsigned macros. Under this older framework, it is diffic= ult for a user to make an informed decision regarding the trustworthiness o= f macros. In addition, as noted under "Tested Versions", Excel and PowerPoi= nt 97 are no longer supported products. Because of these two issues, custom= ers who are concerned about macro security are urged to upgrade to a suppor= t version with a more robust macro security model.
An intruder can include a = specially crafted macro in a Microsoft Excel or PowerPoint document that ca= n avoid detection and run automatically regardless of the security settings= specified by the user.
Microsoft Excel and PowerPoint scan documents when they are opened a= nd check for the existence of macros. If the document contains macros, the = user running Excel or PowerPoint is alerted and asked if he would like the = macros to be run. However, Microsoft Excel and PowerPoint may not detect ma= lformed macros, so a user can unknowingly run macros containing malicious c= ode when opening an Excel or PowerPoint document.
An intruder who can= entice or deceive a victim into opening a document using a vulnerable vers= ion of Excel or PowerPoint could take any action the victim could take, inc= luding, but not limited to
For more information, please see
Given the strong potential for widespread abuse of this vulnerability, w= e strongly recommend that you apply patches as soon as you are able. For ex= ample, the Melissa virus which spread in March of 1999 used social engineer= ing to convince victims to execute a macro embedded in a Microsoft Word doc= ument. For more information, see the CERT/CC Advisory listed below.
As a general practice, everyone should be aware of the potential damage = that Trojan horses and other kinds of malicious code can cause to any platform. For more information, see
This vulnerability has been assigned the identifier CAN-2001-0718 by the= Common Vulnerabilities and Exposures (CV= E) group:
An attacker can execute ar= bitrary code on the target system with the privileges of the victim running= Excel or PowerPoint.
Until a patch can be applied, and as a general practice, we recommend us= ing caution when opening attachments. However, it is important to note that= relying on the "From" line in an electronic mail message is not sufficient= to authenticate the origin of the document.
This appendix contains information provided by vendors for th= is advisory. When vendors report new information to the CERT/CC, we update = this section and note the changes in our revision history. If a particular = vendor is not listed below, we have not received their comments.
See Micro= soft Security Bulletin MS01-050
The CERT Coordination Center thanks Peter Ferrie and Symantec Security Response, who discovere= d this vulnerability and published the information in their advisory. Additionally, we thank Microsoft Corporation, who published an advisory on this issue.
Author: Ian A. Finlay and Shawn V. Hernan.
Copyright 2001 Carnegie Mellon University.
Revision History
October 8, 2001: initial release October 11,2001: added information to systems affected section October 15,2001: revised systems affected section