Georgi Guninski security advisory #57, 2002
IE and .xla leads to problems
Office XP + IE 6.0 + Win2K (probably others)
Date: 31 July 2002
This Advisory is Copyright (c) 2002 Georgi Guninski.
You may distribute it unmodified.
You may not modify it and distribute it or distribute parts
of it without the author's written permission.
If you want to link to this content use the URL:
Anything in this document may change without notice.
The information in this advisory is believed to be true though
it may be false.
The opinions expressed in this advisory and program are my own and
not of any company. The usual standard disclaimer applies,
especially the fact that Georgi Guninski is not liable for any damages
caused by direct or indirect use of the information or functionality
provided by this advisory or program. Georgi Guninski bears no
responsibility for content or misuse of this advisory or program or
any derivatives thereof.
If an IE user visits a specially designed web page, the page may create
almost arbitrary files on his computer. This may lead to executing arbitrary
programs on the user's computer.
This isn't quite a new issue, but the involvement of IE in it makes it worth
noting.  (from March 2002) describes a problem with the MS spreadsheet
component and in its Host() function which may be exploited to create
Microsoft tried to produce a partial patch on the issue, but the problem
is not solved yet. It is still possible to create a .xls or .xla file which writes
files with the help of OWC. The .xla file may be just an .html file with .xla
Note: the HTML formatting of  is broken, so newlines should
be dealt with.
Another interesting problem is  from 2000. The key point in it is that
IE may invoke Excel with <object data="file.xla"></object>. Though
visible, Excel executes "file.xla", which may contain tricks from
, so OWC does SaveAs().
So the strange ActiveX scheme is like this: IE -> Excel -> OWC ->
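Added example (not part of the advisory and not the author's code): a
defensive content filter, e.g. for a proxy or mail gateway, that flags the two
patterns described above: an <object data=...> pointing at a .xla/.xls file,
and a .xla/.xls body that is really HTML. The function names, the sample
inputs and the HTML heuristics are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of binary Office 97-2003 files
OFFICE_EXTS = (".xla", ".xls")                  # extensions named in the advisory

# Constructed sample inputs (not taken from the advisory).
SAMPLE_PAGE = ('<html><body><OBJECT DATA="http://example.test/file.xla?x=1"></OBJECT>'
               '<object data="logo.png"></object></body></html>')
SAMPLE_XLA_BODY = b"<html><body>placeholder</body></html>"


class ObjectDataFinder(HTMLParser):
    """Collects <object data=...> URLs that point at Excel file types."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "object":  # HTMLParser lowercases tag and attribute names
            return
        data = dict(attrs).get("data") or ""
        # Compare only the URL path so a query string cannot hide the extension.
        if urlsplit(data).path.lower().endswith(OFFICE_EXTS):
            self.hits.append(data)


def find_excel_objects(html_text):
    """Return the data= URLs of <object> tags that would hand a file to Excel."""
    finder = ObjectDataFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


def is_html_disguised_as_excel(filename, body):
    """True when a .xla/.xls body is HTML text rather than an OLE2 workbook."""
    if not filename.lower().endswith(OFFICE_EXTS):
        return False
    if body.startswith(OLE2_MAGIC):
        return False
    # Heuristic (assumption): skip BOM/whitespace, then look for markup.
    head = body[:1024].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    return (head.startswith((b"<html", b"<!doctype", b"<?xml"))
            or b"<object" in head or b"<script" in head)
```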
In IE disable "Run ActiveX controls and plugins"
Have not tested this personally but probably works:
Deregister and delete the MS Office spreadsheet component and/or all the
OWC. This may be done from:
ControlPanel - Add/Remove programs - Office - Change (then look for
Microsoft was notified several days ago - they have opened a case on this
(available from www.guninski.com and public lists):
 Georgi Guninski security advisory #53, 2002 -
More Office XP problems - Version 3.0 - 31 March 2002
 The spreadsheet component from OWC is well documented on the office cds.
 Georgi Guninski security advisory #13, 2000
IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs