Vulnerability Description
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Excel | 97 |
References
- http://www.securityfocus.com/bid/179
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1737
- http://www.securityfocus.com/bid/179
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/1737
FAQ
What is CVE-1999-1055?
CVE-1999-1055 is a vulnerability with a CVSS score of 7.5 (HIGH). Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the...
How severe is CVE-1999-1055?
CVE-1999-1055 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-1999-1055?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Excel.