COMMAND

    XLM Text Macro

SYSTEMS AFFECTED

    - Microsoft Excel 97
    - Microsoft Excel 2000

PROBLEM

    Following  is  based  on  a  Security Bulletin from the Microsoft.
    When an  Excel user  starts a  macro that  resides outside  of the
    current spreadsheet (for  example, in another  spreadsheet), Excel
    by  design  will  generate  a  warning  dialogue.   However,  this
    dialogue  is  not  generated  if  the  macro consists of Excel 4.0
    Macro Language (XLM) commands in an external text file.

    The  vulnerability  only  affects  whether  a  warning dialogue is
    displayed - it  does not change  any other aspects  of the macro's
    operation.   A malicious  user would  need to  entice a  user into
    accepting the spreadsheet  and opening it.   Further, there is  no
    means to "autolaunch"  such a macro,  so the malicious  user would
    need to entice the  user into clicking a  link into to launch  the
    macro.

    Microsoft thanks Darryl  Higa for reporting  this issue to  us and
    working with us to protect customers.

SOLUTION

    Previous versions of Excel may be affected by this  vulnerability.
    The  recommended  course  of  action  for  customers  using  these
    products is to upgrade to either  Excel 97 or 2000, and apply  the
    patch for them.  Patch availability:

        - Excel 97: http://www.officeupdate.com/downloadDetails/Xl8p9pkg.htm?s=/downloadCatalog/dldExcel.asp
          Note: This patch requires Office 97 Service Release 2
        - Excel 2000: http://www.officeupdate.com/2000/downloadDetails/O2kSR1DDL.htm
          This vulnerability is eliminated in Office Service Release
          1, which is available address above