Microsoft Excel XLM Macro Security Level Bypass Vulnerability



Date Discovered

November 11, 2003


A vulnerability has been reported in Microsoft Excel that could allow an attacker to execute an XLM macro regardless of the macro security level. The issue is reportedly due to Excel failing to sufficiently scan a malicious spreadsheet file before opening it. As a result, an XLM macro embedded in a malicious spreadsheet is executed when the document is opened, without Excel presenting a macro security warning and regardless of Excel's macro security settings.

Technologies Affected

  • Microsoft Excel 2000
  • Microsoft Excel 2000 SP2
  • Microsoft Excel 2000 SP3
  • Microsoft Excel 2000 SR1
  • Microsoft Excel 2002
  • Microsoft Excel 2002 SP1
  • Microsoft Excel 2002 SP2
  • Microsoft Excel 97
  • Microsoft Excel 97 SR1
  • Microsoft Excel 97 SR2


Run all software as a nonprivileged user with minimal access rights.
Running the affected software with the least privileges possible may mitigate the impact of successful exploitation of this issue.

Do not accept or execute files from untrusted or unknown sources.
A remote attacker may attempt to exploit this vulnerability by presenting a malicious spreadsheet to an unsuspecting user. Do not accept or open unexpected Excel spreadsheets.
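
As a triage aid for the advice above, the following added example (not part of this advisory or of Microsoft's fix) lists the sheets declared in an Excel 97-2002 (BIFF8) Workbook stream and flags Excel 4.0 (XLM) macro sheets without relying on Excel's own macro warning. It assumes the caller has already extracted the Workbook stream from the .xls container; the sample bytes are constructed, and it reports any declared XLM macro sheet rather than the specific flaw, whose details the advisory does not give.

```python
import struct

BOUNDSHEET = 0x0085  # BIFF8 BoundSheet8 record: one per sheet in the workbook
SHEET_TYPES = {0x00: "worksheet", 0x01: "xlm_macro_sheet",
               0x02: "chart", 0x06: "vba_module"}
VISIBILITY = {0: "visible", 1: "hidden", 2: "very_hidden"}


def list_sheets(stream: bytes):
    """Walk BIFF8 records and return (name, type, visibility) for each sheet."""
    sheets, pos = [], 0
    while pos + 4 <= len(stream):
        rec_type, rec_len = struct.unpack_from("<HH", stream, pos)
        body = stream[pos + 4 : pos + 4 + rec_len]
        if len(body) < rec_len:
            break  # truncated record: stop instead of trusting the length field
        pos += 4 + rec_len
        if rec_type != BOUNDSHEET or rec_len < 8:
            continue
        # Layout: 4-byte sheet offset, visibility (low 2 bits), sheet type,
        # then a short string: char count, flags (bit 0 = UTF-16), characters.
        state, dt, cch, flags = body[4] & 0x03, body[5], body[6], body[7]
        wide = bool(flags & 0x01)
        raw = body[8 : 8 + cch * (2 if wide else 1)]
        name = raw.decode("utf-16-le" if wide else "latin-1", errors="replace")
        sheets.append((name, SHEET_TYPES.get(dt, f"unknown_{dt:#04x}"),
                       VISIBILITY.get(state, "unknown")))
    return sheets


def xlm_macro_sheets(stream: bytes):
    """Return only the sheets declared as Excel 4.0 (XLM) macro sheets."""
    return [s for s in list_sheets(stream) if s[1] == "xlm_macro_sheet"]


def _record(rec_type: int, body: bytes) -> bytes:
    return struct.pack("<HH", rec_type, len(body)) + body


def _boundsheet(name: str, dt: int, state: int = 0) -> bytes:
    header = struct.pack("<IBBBB", 0, state, dt, len(name), 0)
    return _record(BOUNDSHEET, header + name.encode("latin-1"))


# Constructed sample stream (not taken from a real file): BOF, one worksheet,
# one very-hidden XLM macro sheet, EOF.
SAMPLE = (_record(0x0809, bytes(16)) + _boundsheet("Sheet1", 0x00)
          + _boundsheet("Macro1", 0x01, state=2) + _record(0x000A, b""))

if __name__ == "__main__":
    for sheet in xlm_macro_sheets(SAMPLE):
        print("XLM macro sheet:", sheet)
```

A file flagged this way warrants review before it is opened on an unpatched system, whatever macro security level Excel is set to.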

Microsoft has released a security bulletin (MS03-050) and fixes to address this issue. Users who are potentially affected by this vulnerability are advised to apply these fixes as soon as possible.



Discovery of this vulnerability has been credited to Kazuyuki Housaka.

© 1995- Symantec Corporation
