PROBLEM: Security vulnerabilities ("Office HTML") have been found in Office 2000 (Excel and PowerPoint) and in PowerPoint 97. Internet Explorer also has a vulnerability ("IE") that can be exploited using Access. PLATFORM: Those running: Microsoft Excel 2000 Microsoft PowerPoint 97 and 2000 Microsoft Internet Explorer 5.5, 5.01 SP1, 5.01, 4.01 SP2 DAMAGE: The first set of vulnerabilities allows malicious script code on a web page to cause a remotely hosted file to be saved on a visiting user's hard drive. The second vulnerability allows malicious script code on a web page to execute a VBA macro code in a remotely hosted file. SOLUTION: Apply the patches given below to eliminate the first set of vulnerabilities. A workaround for the second vulnerability is also given below.
VULNERABILITY The risk is HIGH. The vulnerabilites and exploits have been ASSESSMENT: discussed in public forums.
Voice: +1 925-422-8193 (7 x 24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: firstname.lastname@example.org World Wide Web: http://www.ciac.org/ http://ciac.llnl.gov (same machine -- either one will work) Anonymous FTP: ftp.ciac.org ciac.llnl.gov (same machine -- either one will work)