COMMAND

    Excel

SYSTEMS AFFECTED

    Excel97, 2000

PROBLEM

    Following is based  on Microsoft Security  Bulletin.  The  primary
    vulnerability  addressed  by  patch  below  is  the  "Excel  SYLK"
    vulnerability.  Symbolic Link (SYLK) files can contain macros;  if
    such a file were opened in  Excel 97 or 2000, the macro  would run
    without asking for the user's permission.  These macros could take
    any action on the computer that the user could take.

    This patch also eliminates a vulnerability involving how Excel  97
    imports macros created by Lotus  1-2-3 or Quattro Pro.  When  such
    a  macro  is  imported,  Excel  97  runs it without asking for the
    user's permission.  These macros could be used to delete files  on
    the user's computer, but could take no other action.

    Microsoft acknowledges David Young  for bringing the "Excel  SYLK"
    vulnerability to their attention.

SOLUTION

    Patch availability:

      Excel 97:
        http://officeupdate.microsoft.com/downloadDetails/Xl8p7pkg.htm
      Excel 2000:
        http://officeupdate.microsoft.com/2000/downloadDetails/XL9p1pkg.htm