Microsoft Excel macros can execute DLL functions.

Microsoft Excel - a spreadsheet program created by Microsoft - is vulnerable to an exploit that allows the
execution DLL functions without user intervention or knowledge.

Microsoft Excel has a function named "CALL" which can be embedded in spreadsheet macros and worksheet
functions. Although a warning is issued when a macro is executed and the macro can be disabled by the user before
execution, the actual execution of worksheet functions does not display a warning message making it possible to
execute code without the user knowingly allowing it.

This vulnerability allows executing DLL functions by using "CALL". These DLLs can be system DLLs that contain
network functionality, file reading and writing, execution of shell programs (such as "format"), etc.

This vulnerability was fixed by Microsoft and a patch is available for customers who want to disable this functionality
when it executed within worksheet functions (The functionality is unaffected in macros).

The patch can be found at: http://support.microsoft.com/support/kb/articles/q196/7/91.asp. Microsoft's Security
home page can be found at: http://www.microsoft.com/security/.