
Microsoft Russian New Year CALL Vulnerability

The CALL function in a Microsoft Excel worksheet calls procedures in dynamic link libraries (DLLs) that are external to the worksheet. The CALL function can be used in macros or as a worksheet function. Normally Excel warns users before running a macro. However, no such warning appears before a worksheet function is calculated. This allows a malicious Excel file to call external procedures in a DLL without the user's knowledge.

This vulnerability is made worse by the fact that many common web browsers open links to Office documents automatically without asking the user. Browsers with this behaviour include Microsoft IE and Netscape 3.x and 4.x. Netscape 3.5 and later do not exhibit this behaviour.
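Because a worksheet CALL runs without any macro warning, a reviewer has to find it in the cell formulas themselves. The following is an added example, not part of the original advisory: it triages formula text for CALL invocations and reports the DLL and procedure named in each. It assumes the formulas have already been extracted as text with comma argument separators; the function names and sample cells are constructed for illustration.

```python
import re

# CALL( not preceded by a name character, so RECALL( or X.CALL( do not match.
_CALL_RE = re.compile(r'(?<![A-Za-z0-9_.])CALL\s*\(', re.IGNORECASE)
# Excel string literal; a doubled quote ("") is an escaped quote.
_STR_RE = re.compile(r'"((?:[^"]|"")*)"')

def _mask_strings(formula):
    """Blank out string contents (same length) so quoted text is ignored."""
    return _STR_RE.sub(lambda m: '"' + ' ' * len(m.group(1)) + '"', formula)

def _split_args(formula, masked, start):
    """Split top-level arguments of the call whose '(' ends at `start`."""
    args, depth, begin = [], 0, start
    for i in range(start, len(masked)):
        ch = masked[i]
        if ch == '(':
            depth += 1
        elif ch == ')':
            if depth == 0:
                return args + [formula[begin:i]]
            depth -= 1
        elif ch == ',' and depth == 0:
            args.append(formula[begin:i])
            begin = i + 1
    return args + [formula[begin:]]  # unbalanced formula: keep what is there

def _literal(arg):
    """Return the string value if arg is a quoted literal, else None."""
    m = _STR_RE.fullmatch(arg.strip())
    return m.group(1).replace('""', '"') if m else None

def find_call_usage(formula):
    """List (module, procedure) per CALL; None marks a non-literal argument."""
    masked, hits = _mask_strings(formula), []
    for m in _CALL_RE.finditer(masked):
        args = _split_args(formula, masked, m.end())
        hits.append((_literal(args[0]),
                     _literal(args[1]) if len(args) > 1 else None))
    return hits

def scan_cells(cells):
    """Map cell reference -> CALL hits, omitting cells with none."""
    return {ref: h for ref, f in cells.items() if (h := find_call_usage(f))}

SAMPLE_CELLS = {  # constructed sample input, not from a real workbook
    "A1": '=SUM(B1:B9)',
    "A2": '=CALL("Kernel32","GetTickCount","J")',
    "A3": '=IF(B1>0, call(C5, "Proc", "JJ", B1), 0)',
    "A4": '="Please CALL(us) on Monday"',
    "A5": '=RECALL(1)',
}
```

A `None` module or procedure means the argument is a cell reference or nested expression rather than a literal, so the referenced cell needs to be inspected as well.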







 

Copyright 2009, SecurityFocus