A vulnerability has been discovered in REGISTER.ID, a worksheet function, when referencing a DLL created by a malicious user. When REGISTER.ID is invoked from an Excel worksheet it can reference any DLL on the system and can be harmful if the referenced DLL contains malicious code. By design, there is no warning given to the user when REGISTER.ID calls a DLL, from a worksheet. In order for a malicious user to exploit this vulnerability the referenced (malicious) DLL would have to reside on the affected user's computer or on a machine accessible via a UNC path on the user's network.Microsoft has released this patch to eliminate this security vulnerability.
|File Size||907.67 kB|