The hole is dubbed the "Russian New Year" exploitation
Published:
14 January 1999 y., Thursday
Microsoft Corp._s Excel spreadsheet software has a vulnerability that lets hackers run certain types of
executables that can give them access to a PC user_s files, Internet security firm Finjan Inc. said yesterday. The hole is dubbed the "Russian New Year" exploitation, Finjan said in a statement from its offices in San Jose, Calif. The company said the new form of mobile-code attack "clearly illustrates the latent security threats on the Internet and the importance of inspecting any type of code that is downloaded onto your personal computer." John Duncan, product manager for Microsoft_s Office suite -- which includes Excel -- said information regarding the problem, along with a patch that plugged the vulnerability, was posted on Microsoft_s Web site Dec.10. The hacker backdoor is a legitimate Excel function, dubbed CALL, that allows executables to be run from a worksheet, Microsoft said. But if that executable, delivered via E-mail or from a Web site, is of a
malicious nature, "a worksheet containing this function could represent a security risk to customers," according to a Microsoft security bulletin also dated Dec. 10.
Finjan said Office 97 and Excel 97 users should apply Microsoft_s patch to disable the CALL function. But it added that Office 95 and Excel 95 "do not appear to have a patch to eliminate this CALL function nor do non-English language versions of Office 97 or Excel 97 have a solution."
Copying, publishing, announcing any information from the News.lt portal without written permission of News.lt editorial office is prohibited.