Microsoft: >> Excel Security Vulnerabilities
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
CVSS Score
7.5
EPSS Score
0.109
Published
2000-05-11
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
CVSS Score
7.2
EPSS Score
0.017
Published
2000-04-03
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
CVSS Score
7.5
EPSS Score
0.077
Published
1999-12-31
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
CVSS Score
4.6
EPSS Score
0.003
Published
1999-10-01
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
CVSS Score
2.6
EPSS Score
0.066
Published
1999-05-07
Page 36