Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

excel.macro.virus.patch.flaw.txt

🗓️ 17 Aug 1999 00:00:00Reported by Packet StormType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 24 Views

Discusses flaws in Excel macro virus protection and patch effectiveness for Excel 97 methods.

Code
`Date: Thu, 13 May 1999 16:12:48 -0400  
From: rotaiv <[email protected]>  
To: [email protected]  
Subject: Re: Microsoft Security Bulletin (MS99-014)  
  
  
-----BEGIN PGP SIGNED MESSAGE-----  
  
This is in response to the Microsoft Security Bulletin (MS99-014).  
  
On 3/29/99 I posted a message to BugTraq titled, "Bypassing Excel  
Macro Virus Protection". The message explained two ways to bypass the  
"Macro Virus Protection" option in Excel 97. One is to password  
protect an infected spreadsheet (Q176640) and the second is to copy an  
infected spreadsheet into the XLSTART directory (Q180614). Both  
methods will open an infected spreadsheet without the macro warning  
appearing.  
  
I would love to think Microsoft Security Bulletin (MS99-014) was in  
response to my email but I'll be humble and chalk it up to  
coincidence. I downloaded the patch to see if addressed the two  
scenarios I described above. I found that you will now receive the  
macro warning on a password protected file but not on a file copied to  
the XLSTART directory. Also, you can still enable or disable the  
macro virus protected with a simple reg hack. I guess that is not so  
important because if you can perform a reg hack, you can do a lot more  
than execute an Excel macro.  
  
I am not sure what really prompted Microsoft to release a patch for  
Excel but I find it surprising that they did not address the XLSTART  
option either. They should at least give us the option of deciding if  
this directory is trusted, thereby by-passing the macro virus warning.  
  
'nuff said.  
  
rotaiv -£-  
  
-----BEGIN PGP SIGNATURE-----  
Version: PGP Personal Privacy 6.0.2  
  
iQEVAwUBNzsxdQuGSvRTfa2rAQHe+Af+NXzCRMZ6ALIsiezLQ5XhOuBgmRZALeoO  
k2LMkGfVea8jO7olA/wtwnrS2E0eCUVSMW23ZSxkd8Q9hbYBxbc8GvPOzOTGL4EP  
tmZkyvxcB2QyyDmJjIQuJQKcGCggr0ahPNr9pvv9DsBHJeRifcS6niXZrm5uQJb7  
qhY4QJzAWQ9cXEiqoNuTofgR1eg276MUSuh2Om29FIjkfcMocdGghrkQLBGvN9MB  
Hlm9Z7D0I3/zT88c+A6IeyZHbe9/6PaAODgn3QuhKla8PbetyGj/Qbclua5kNR/X  
tVoLWIIrcA2ZKsgQn1SLtcKTqDV5KPTGrz3yB1ZH9BJ37qmXLOegfw==  
=qJ15  
-----END PGP SIGNATURE-----  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Aug 1999 00:00Current
7.4High risk
Vulners AI Score7.4
excel macro virus protectionmicrosoft security bulletinpassword protected filexlstart directoryreg hacksecurity patch.
24