Excel Users Open To New Attack
A new type of attack has been identified that allows a malicious
user to perform any action the affected user could.
By: Victor Latona, Updates.com Wednesday July 26, 2000 12:00
AM
Redmond, WA. Microsoft Corporation has released an update
for its popular spreadsheet program. Versions of Microsoft
Excel are vulnerable to an exploit that could allow malicious
code to run on a user's computer without notification.

A recently revealed vulnerability in Microsoft Excel 2000 and
Excel 97 identified a method of executing code on a user's
computer without their permission or knowledge. According to
Microsoft, "The code executed on the affected user's computer
can perform any action the user could perform on the machine."
This includes deleting every file on your hard drive.

The two versions of Microsoft Excel have a REGISTER.ID function
that can be misused to run malicious code. REGISTER.ID is a
normal worksheet function intended to return the register ID
of a DLL (dynamic link library) or code resource that has been
previously registered. However, due to a Microsoft error, the
REGISTER.ID worksheet function allows a DLL to be referenced
from a worksheet without warning the user.

For the attack to be successful, the malicious user would need
to produce a damaging DLL and have it referenced from an Excel
worksheet using the REGISTER.ID function. Also, the DLL would
need to reside on the user's computer or a network share.

If the attacker meets the two above-mentioned conditions, the
payload of the damaging DLL can be unleashed when the user
opens the Excel document. With this exploit the user is not
given the opportunity to choose whether they would like to
open the document, as they are when a macro is enabled in
a workbook. This is how code can be run without the user knowing
it.

The fix supplied by Microsoft disables the REGISTER.ID
function in both Excel 2000 and Excel 97. It is recommended
that all users of the affected versions download the patch.
Download: REGISTER.ID security update for Excel.
Note: To use the REGISTER.ID security update, Excel 2000 users
must have installed Office 2000 SR-1 or SR-1a.
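
For administrators reviewing workbooks, the following added example (not code from Microsoft or from this article) finds REGISTER.ID calls in worksheet formula text and reports whether the referenced DLL sits on a network share, at a fixed local path, or is resolved by name, matching the two conditions described above. It assumes the formulas have already been exported as text with a comma as argument separator; the function names and sample formulas are hypothetical.

```python
import re

# REGISTER.ID as a call, not the tail of a longer identifier.
_CALL = re.compile(r'(?<![A-Za-z0-9_.])REGISTER\.ID\s*\(', re.IGNORECASE)
_STRING = re.compile(r'"(?:[^"]|"")*"')  # Excel literal; "" escapes a quote

def _mask(formula):
    """Blank out string-literal contents, keeping every offset unchanged."""
    return _STRING.sub(lambda m: '"' + ' ' * (len(m.group()) - 2) + '"', formula)

def _args(formula, masked, start):
    """Split the call's top-level arguments (comma separator assumed)."""
    args, depth, begin = [], 0, start
    for i in range(start, len(masked)):
        ch = masked[i]
        if ch == '(':
            depth += 1
        elif ch == ')' and depth:
            depth -= 1
        elif ch in ',)' and depth == 0:
            args.append(formula[begin:i].strip())
            begin = i + 1
            if ch == ')':
                break
    return args

def _literal(arg):
    """Text of a plain string literal, or None when the value is computed."""
    return arg[1:-1].replace('""', '"') if _STRING.fullmatch(arg) else None

def _location(module):
    """Classify where the referenced DLL would be loaded from."""
    if module is None:
        return "computed"
    if module.startswith("\\\\"):
        return "unc"
    return "absolute" if re.match(r'[A-Za-z]:[\\/]', module) else "search-path"

def find_register_id_calls(formula):
    masked, hits = _mask(formula), []
    for m in _CALL.finditer(masked):
        args = _args(formula, masked, m.end()) + ["", ""]
        module = _literal(args[0])
        hits.append({"module": module, "procedure": _literal(args[1]),
                     "location": _location(module)})
    return hits

# Constructed sample formulas (not taken from any real workbook).
SAMPLES = [r'=IF(A1>0,REGISTER.ID("\\fileserver\share\helper.dll","Init"),0)',
           '="text REGISTER.ID(""x"") only"', '=register.id(B1&".dll","Go","J")']
```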