exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

ms00-051

ms00-051
Posted Jul 27, 2000

Microsoft Security Bulletin (MS00-051) - Patch Available for Excel 97 and 2000 REGISTER.ID Function vulnerability which allows a malicious user to run code from an Excel worksheet without the user's knowledge. Microsoft FAQ on this issue available here.

SHA-256 | 88cea937c761ae956180b040a2887de09a1a78094445b65a925371ac1fd22474

ms00-051

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

Microsoft Security Bulletin (MS00-051)
- --------------------------------------

Patch Available for "Excel REGISTER.ID Function" Vulnerability
Originally posted: July 26, 2000

Summary
=======
Microsoft has released a patch that eliminates a security
vulnerability in Microsoft(r) Microsoft Excel 97 and Excel 2000. The
vulnerability could allow a malicious user to run code from an Excel
worksheet without the user's knowledge.

Frequently asked questions regarding this vulnerability and the patch
can be found at:
http://www.microsoft.com/technet/security/bulletin/fq00-051.asp

Issue
=====
A vulnerability has been discovered in REGISTER.ID, a worksheet
function, when referencing a DLL created by a malicious user. When
REGISTER.ID is invoked from an Excel worksheet it can reference any
DLL on the system and can be harmful if the referenced DLL contains
malicious code. By design, there is no warning given to the user when
REGISTER.ID calls a DLL, from a worksheet.
In order for a malicious user to exploit this vulnerability the
referenced (malicious) DLL would have to reside on the affected
user's computer or on a machine accessible via a UNC path on the
user's network.

Affected Software Versions
==========================
Microsoft Excel 97 or Excel 2000, which ship as part of the Office
suite or as stand-alone products.

Patch Availability
==================
- Microsoft Excel 2000:

http://officeupdate.microsoft.com/2000/downloaddetails/xl9p3pkg.htm
- Microsoft Excel 97:
http://officeupdate.microsoft.com/downloadDetails/xl8p10pkg.htm

Note Additional security patches are available at the Microsoft
Download Center

More Information
================
Please see the following references for more information related to
this issue.
- Frequently Asked Questions: Microsoft Security Bulletin MS00-051,
http://www.microsoft.com/technet/security/bulletin/fq00-051.asp
- Microsoft Knowledge Base (KB) articles, (available soon)
Q269252 (Excel 2000) and Q269263 (Excel 97) discusses this
issue in more detail.
- Microsoft TechNet Security web site,
http://www.microsoft.com/technet/security/default.asp

Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Product Support Services is available at
http://support.microsoft.com/support/contact/default.asp.

Revisions
=========
- July 26, 2000: Bulletin Created.

- -------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.

Last Updated July 26, 2000
(c) 2000 Microsoft Corporation. All rights reserved. Terms of use.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBOYBvwI0ZSRQxA/UrAQFjsAf+NbDDAcneCpPWEkMADYmP3MNHIeK5uo4m
Y4Z0tn1lQBsrxV935JeXDlfFR4qcIlxSlRDDIcnyFCVKwolmgpueLb07pbfbdA6C
gTRThfy4ysZeBrzkTdpif+yULAEPlZhUKoiEhZ0HwIvP2baS16c3stbTz4+LqhOC
nPrALbz5TpkVhsuYADdaHEftK4prgQarDtOHJ5oUOO/t2ezVxhOWHlwCOOM+CTDj
8mL/XI4OggMY3Z8Dfahg6uL1hooZlAJWeSC2QPhWW37xw6R8SrxhQOqoN2tIrLFa
goS+AZ1suG6nTDagC3L+7pulfZ/GM+5hH7ra1KSh1RpSkg2xMgLKFw==
=yfbD
-----END PGP SIGNATURE-----

*******************************************************************
You have received this e-mail bulletin as a result of your registration
to the Microsoft Product Security Notification Service. You may
unsubscribe from this e-mail notification service at any time by sending
an e-mail to MICROSOFT_SECURITY-SIGNOFF-REQUEST@ANNOUNCE.MICROSOFT.COM
The subject line and message body are not used in processing the request,
and can be anything you like.

To verify the digital signature on this bulletin, please download our PGP
key at http://www.microsoft.com/technet/security/notify.asp.

For more information on the Microsoft Security Notification Service
please visit http://www.microsoft.com/technet/security/notify.asp. For
security-related information about Microsoft products, please visit the
Microsoft Security Advisor web site at http://www.microsoft.com/security.
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close