
XL97: Update Available for Excel CALL Vulnerability

Article ID: 196791
Last Review: January 9, 2007
Revision: 2.3
This article was previously published under Q196791

SUMMARY

Microsoft has released an update for Microsoft Excel 97 that fixes a vulnerability that could allow certain types of executables to be run without a warning to the user.

To correct this problem, download and install the latest update for Excel 97. The latest update includes this and all other Excel-specific updates that have been released since the latest service release (SR) of Office. The files included in this update will be included in any later SR or patch. To upgrade to the latest patch or for more information about the history of Excel 97 patches, please click the article number below to view the article in the Microsoft Knowledge Base:
232652 (http://support.microsoft.com/kb/232652/EN-US/) XL97: Overview and History of Excel Patches
A legitimate Excel function, CALL, allows executables to be run from a worksheet and could be used to run executables of a malicious nature. A fully supported update that disables this functionality is available. The update works by disabling the CALL function on a worksheet, but does not disable the CALL function from within macros. Microsoft recommends that customers who need the CALL worksheet function evaluate the degree of risk that it poses to their systems and determine whether the best course of action is to apply the update.

This update is designed to update Microsoft Excel 97 Service Release 2 (SR-2). Microsoft does not currently have plans to provide a solution for the CALL vulnerability issue for earlier versions of Microsoft Excel. Because earlier versions of Excel do not provide full macro virus protection, disabling only the CALL worksheet function would not provide a significant level of safety as the CALL function can also be used in a macro.


MORE INFORMATION

CALL is a legitimate, advanced function that calls an outside procedure in a dynamic-link library (DLL) or code resource. The DLL or code resource called could contain code to perform potentially damaging or malicious behavior.

For example, using the CALL function in a workbook with the following syntax calls a DLL named Custom.dll containing a procedure named Test with a data type of Signed 4-byte integer:
   =CALL("Custom", "Test", "J!")

Note that the exclamation point (!) makes the formula volatile, recalculating any time the worksheet changes.

In this example, the procedure named Test that is called can perform any type of operation including potentially damaging behavior. The CALL function simply executes this code which resides within the DLL. A custom DLL is not part of Excel nor is it contained in the workbook.

The Call statement is used in a Visual Basic for Applications module sheet to call another macro located in the same workbook or transfer control to an intrinsic function, a dynamic-link library (DLL) procedure, or a procedure in a Macintosh code resource. This form of the Call statement cannot bypass the built-in macro virus protection.

This example illustrates how the Call statement can transfer control to a Sub procedure.
 Sub Main()
    Call PrintToDebugWindow("Hello World")
    ' The above statement causes control to be passed to the
    ' Sub procedure below.
 End Sub

 Sub PrintToDebugWindow(AnyString)
    Debug.Print AnyString   ' Print to Debug window.
 End Sub

Excel displays a warning before running macros, including those containing the Call statement, which allows you to decide whether or not to run them. However, Excel does not generate a warning before executing worksheet functions. Because the CALL function resides on the worksheet and not in a macro or module, you will not receive any warning when the workbook opens. The CALL function will then execute the intended procedure in a DLL or other code resource without warning.
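
For auditing workbooks, the following added example (not part of Microsoft's article) scans formula text that has already been extracted from worksheet cells and reports each CALL worksheet-function invocation, ignoring text that only appears inside string literals. It goes beyond the single formula shown above by handling nested and lowercase uses; the function names, field labels and sample formulas are assumptions made for this example.

```python
# Added example: flag CALL worksheet-function use; field names are this example's own.
def _read_string(s, i):  # s[i] is an opening quote; returns (text, index after it)
    out, i = [], i + 1
    while i < len(s):
        if s[i] == '"':
            if s[i + 1:i + 2] != '"':
                return "".join(out), i + 1
            i += 1                      # "" is an escaped quote in a formula
        out.append(s[i])
        i += 1
    return "".join(out), i              # unterminated literal

def _split_args(s, i):  # split top-level arguments; i is just past the '('
    args, start, depth = [], i, 0
    while i < len(s):
        c = s[i]
        if c == '"':
            i = _read_string(s, i)[1]   # commas and parens in literals do not count
            continue
        if c == ")" and depth == 0:
            break                       # closing paren of the CALL itself
        depth += (c == "(") - (c == ")")
        if c == "," and depth == 0:
            args.append(s[start:i].strip())
            start = i + 1
        i += 1
    args.append(s[start:i].strip())
    return args

def find_calls(formula):  # one dict per CALL(...) that is code, not literal text
    hits, i = [], 0
    while i < len(formula):
        if formula[i] == '"':
            i = _read_string(formula, i)[1]
            continue
        prev = formula[i - 1] if i else ""
        part_of_name = bool(prev) and (prev.isalnum() or prev in "_.")
        if formula[i:i + 5].upper() == "CALL(" and not part_of_name:
            vals = [_read_string(a, 0)[0] if a.startswith('"') else a
                    for a in _split_args(formula, i + 5)]
            vals += [""] * (3 - len(vals))   # tolerate a truncated argument list
            hits.append({"module": vals[0], "procedure": vals[1],
                         "type_text": vals[2], "volatile": vals[2].endswith("!")})
        i += 1
    return hits

# Constructed sample formulas, as if dumped from a workbook's cells.
SAMPLES = ['=CALL("Custom", "Test", "J!")', '=IF(A1>0,call("Custom","Test","J"),0)',
           '="doc: =CALL(""x"",""y"",""J"")"', '=RECALL(A1)']
```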



How Does the Patch Work?

After you install the Excel 97 SR-2 CALL Function Update, no prompts or alerts will appear notifying you of the update. Everything will appear and function normally. However, when you use the CALL worksheet function or open a workbook that contains the CALL function, the result will always return the value FALSE. This indicates that the function is disabled and is not functional.


REFERENCES

For more information about the CALL function, click Contents and Index on the Help menu, click the Index tab in Excel 97 Help, type the following text
call
and then double-click the selected text to go to the "Call" topic. If you are unable to find the information you need, ask the Office Assistant.



APPLIES TO
Microsoft Excel 97 Standard Edition


Keywords: 
kbdtacode kbfix kbhowto kbpatch KB196791
