Excel CALL Function Vulnerability
A vulnerability exists in Microsoft® Excel® that could allow certain types of executables to be run without a warning to the user. A legitimate Excel function, CALL, allows executables to be run from a worksheet. If the executable called by the function is of a malicious nature, a worksheet containing this function could represent a security risk to customers.
Issue
CALL is an advanced function in Excel that allows a worksheet to call a procedure in a dynamic link library (DLL) or code resource. It is a legitimate function, and can be used in macros or as a worksheet function. Excel generates a warning to the user before running macros, including those containing the CALL function, and allows the user to decide whether or not to run them. However, Excel does not generate a warning before executing worksheet functions, and if used in this manner, CALL could be used to call an external DLL without a warning to the user.
An attacker could exploit this functionality by embedding a CALL function within an Excel spreadsheet and sending it to an unwary user. The attacker would be able to control whether the CALL function fired when the victim opened the spreadsheet or when another event occurred. It is important to note that the CALL function does not perform any malicious action by itself, and would serve only as an initiator for a malicious DLL.
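As an added example (not part of the original advisory), the following Python sketch shows one way to review a workbook for this condition by flagging cells whose formula invokes CALL as a worksheet function. It assumes the cell formulas have already been extracted as text by some other tool; the helper names, cell contents and DLL name are constructed for illustration.

```python
import re

# CALL used as a function name: not preceded by a name character (so
# RECALL( or MY_CALL( are ignored) and followed by an opening parenthesis.
CALL_RE = re.compile(r'(?<![A-Za-z0-9_.])CALL\s*\(\s*', re.IGNORECASE)
# An Excel string literal; a doubled quote ("") is an escaped quote.
STRING_RE = re.compile(r'"(?:[^"]|"")*"')

def mask_strings(formula):
    """Blank out string literal contents, keeping length so offsets line up."""
    return STRING_RE.sub(lambda m: '"' + ' ' * (len(m.group()) - 2) + '"', formula)

def find_call_usage(formula):
    """Return one entry per CALL() invocation in a formula.

    Each entry is the DLL/module name when the first argument is a string
    literal, or None when it is computed (cell reference, expression).
    """
    if not formula.startswith('='):
        return []  # stored as text or a constant, never evaluated
    hits = []
    for m in CALL_RE.finditer(mask_strings(formula)):
        arg = STRING_RE.match(formula, m.end())
        hits.append(arg.group()[1:-1].replace('""', '"') if arg else None)
    return hits

def scan_sheet(cells):
    """cells maps address -> formula text; returns [(address, module), ...]."""
    return [(addr, mod) for addr, f in cells.items() for mod in find_call_usage(f)]

# Constructed sample input (hypothetical cell contents and DLL name).
SAMPLE_CELLS = {
    "A1": '=SUM(B1:B10)',
    "A2": '=CALL("example.dll","ExampleProc","J")',
    "A3": '="Please CALL(us) today"',           # CALL only inside a string
    "A4": '=IF(B1>0, call( C5, "Proc", "J"), 0)',  # module name taken from a cell
    "A5": 'CALL("text.dll","x","J")',           # no leading "=": plain text
    "A6": '=RECALL(1)',                          # different function name
}

if __name__ == "__main__":
    for addr, module in scan_sheet(SAMPLE_CELLS):
        print(f"{addr}: CALL worksheet function, module={module or '<computed>'}")
```

A `None` module means the DLL name is built at evaluation time, so the cell it references needs to be reviewed as well.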
Affected Products
- Microsoft Excel 97
Download
Patch: http://officeupdate.microsoft.com/downloadDetails/xl97cfp.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: December 10, 1998


