Excel for Windows and Macintosh: Critical security vulnerability

From: Aron Roberts <aron_at_socrates.berkeley.edu>
Date: Wed Oct 13 2004 - 10:14:18 PDT

   Microsoft has identified a critical security vulnerability in four
specific versions of Excel for both Microsoft Windows and the Mac OS
(both OS X and Classic).

   A spreadsheet crafted to exploit this vulnerability, which you
could receive as an email attachment, via a file server, or from a
Web page, could apparently expose your computer to remote code
execution. Under some circumstances, an attacker could even obtain
"complete control of the affected system."

   Microsoft is offering updates to resolve this vulnerability. You
can download these updates from the following Microsoft Security
Bulletin page:

   http://www.microsoft.com/technet/security/bulletin/MS04-033.mspx

   Products affected:

        Excel 2000
        Excel 2002
        Excel 2001 for Mac (OS 8.1 through 9.x)
        Excel v. X for Mac (OS X)

   Products not affected:

     Excel 2003
     Excel 2004 for Mac

   The corresponding versions of the Microsoft Office suite associated
with these versions of Excel are also listed on the above Security
Bulletin page.

Aron Roberts
Workstation Software Support Group

P.S. These Excel vulnerabilities were listed in Microsoft's Windows
Security Updates for October 2004, which Bob Callaway posted to
several lists yesterday, and which is characterized in the following
CNET article:

<http://news.com.com/Microsoft+warns+of+22+new+security+flaws/2100-1002_3-5406550.html>

   These Excel vulnerabilities are being spotlighted in this message
because of that product's ubiquity on campus desktops, and since some
Macintosh users may not be aware that these issues affect their
platform.

   In addition to resolving this particular issue, Windows users
and/or their support providers may also need to install other updates
from the October 2004 updates list. As Microsoft points out
<http://www.microsoft.com/security/bulletins/200410_windows.mspx>,
"If you have any of the software listed on this page installed on
your computer, you should visit the Windows Update Web site to
install related updates."

------------------------------------------------------------------------
The following was automatically added to this message by the list server:

For information about MAGNet, its meetings and events, and its
mailing list, including information on subscribing and unsubscribing,
see the MAGNet Web site at <http://magnet.berkeley.edu/>.
Received on Wed Oct 13 10:16:52 2004

This archive was generated by hypermail 2.1.8 : Wed Oct 13 2004 - 10:16:53 PDT