Office HTML Script and IE Script Vulnerabilities
Two vulnerabilities have recently been discovered, one affecting Microsoft Office 2000 and PowerPoint 97, and the other affecting Internet Explorer 4.01 Service Pack 2 and higher. The effect of both vulnerabilities is the same -- they could allow a malicious web site operator to cause code of his choice to run on the computer of a visiting user.
Issue
Although they involve different products, the effect, risk and exploit scenario are exactly the same. As a result, we have chosen to discuss them in the same bulletin. The vulnerabilities are:
- The Office Script vulnerability. This vulnerability could allow script hosted on a malicious user's web site to save an Excel 2000, PowerPoint 2000, or PowerPoint 97 file to the computer of a visiting user. Depending on where and how the file was saved to the user's computer, it could be made to launch automatically. If this were done, macro or VBA code could be made to run.
- The IE Script vulnerability. This vulnerability could allow script hosted on a malicious user's web site to reference a Microsoft Access file on the site. In turn, the Access file, when opened, could cause macro or VBA code to run.
Affected Products
- Microsoft Internet Explorer 4.01 SP2, PowerPoint 97 & 2000 and Excel 2000
Solution
Software patches are available from the locations below:
- Microsoft Excel 2000 and PowerPoint 2000:
http://officeupdate.microsoft.com/2000/downloaddetails/Addinsec.htm
- Microsoft PowerPoint 97:
http://officeupdate.microsoft.com/downloaddetails/PPt97sec.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: August 9, 2000