A
Alan
Hi All,
I was passed a workbook by a colleague that has an embedded Shockwav
Flash file in a worksheet.
The file contains no detectable code whatsoever, so it *appears* to b
entirely safe to open.
However, clearly the Shockwave Flash file is active content of a sort.
I am not really familiar with this type of thing, so I am wondering i
it is a security risk in general (whether or not this particular on
is)?
I have attached the file within the ExcelForum webfeed that links t
microsoft.public.excel.programming as a text posting. This post shoul
have a URL to the file at the bottom if you are interested.
*WARNING*
The file may or may not be safe. I have no reason to suspect that i
is not, but the point of my post is to garner opinions as to whethe
this is a generic security risk (even if this particular example i
benign).
Also, the flash animation consists of line drawn animated cavema
characters. The subject could, I guess, offend some people, but mos
will just find it vaguely amusing. For the avoidance of doubt, ther
is nothing explicit (they disappear into a cave, and you can infer wha
they are doing).
I added my own code to the file as follows to determine what I coul
about the object:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sub TestObj()
Dim mysheet As Worksheet
Dim obj As OLEObject
Set mysheet = Worksheets("Arkusz1")
Set obj = mysheet.OLEObjects(1)
Debug.Print "AltHTML = " & obj.AltHTML
Debug.Print "AutoLoad = " & obj.AutoLoad
Debug.Print "Creator = " & obj.Creator
Debug.Print "Locked = " & obj.Locked
Debug.Print "Name = " & obj.Name
Debug.Print "OLEType = " & obj.OLEType
Debug.Print "ProgId = " & obj.ProgId
Debug.Print "Verb = " & obj.Verb
Debug.Print "ZOrder = " & obj.ZOrder
' This would return an object so nonsensical to print it
' but is it just a reference to itself or some other object?
' If the latter, then what?
'
' Debug.Print "Object = " & obj.Object
' Not sure why this fails it should be a string, but it errors out.
'
' Debug.Print "SourceName = " & obj.SourceName
End Sub
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The output to my immediate window is as follows:
AltHTML =
AutoLoad = False
Creator = 1480803660
Locked = True
Name = ShockwaveFlash2
OLEType = 2
ProgId = ShockwaveFlash.ShockwaveFlash.1
Verb = True
ZOrder = 1
Any comments are welcome!
Thanks,
Alan
I was passed a workbook by a colleague that has an embedded Shockwav
Flash file in a worksheet.
The file contains no detectable code whatsoever, so it *appears* to b
entirely safe to open.
However, clearly the Shockwave Flash file is active content of a sort.
I am not really familiar with this type of thing, so I am wondering i
it is a security risk in general (whether or not this particular on
is)?
I have attached the file within the ExcelForum webfeed that links t
microsoft.public.excel.programming as a text posting. This post shoul
have a URL to the file at the bottom if you are interested.
*WARNING*
The file may or may not be safe. I have no reason to suspect that i
is not, but the point of my post is to garner opinions as to whethe
this is a generic security risk (even if this particular example i
benign).
Also, the flash animation consists of line drawn animated cavema
characters. The subject could, I guess, offend some people, but mos
will just find it vaguely amusing. For the avoidance of doubt, ther
is nothing explicit (they disappear into a cave, and you can infer wha
they are doing).
I added my own code to the file as follows to determine what I coul
about the object:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Sub TestObj()
Dim mysheet As Worksheet
Dim obj As OLEObject
Set mysheet = Worksheets("Arkusz1")
Set obj = mysheet.OLEObjects(1)
Debug.Print "AltHTML = " & obj.AltHTML
Debug.Print "AutoLoad = " & obj.AutoLoad
Debug.Print "Creator = " & obj.Creator
Debug.Print "Locked = " & obj.Locked
Debug.Print "Name = " & obj.Name
Debug.Print "OLEType = " & obj.OLEType
Debug.Print "ProgId = " & obj.ProgId
Debug.Print "Verb = " & obj.Verb
Debug.Print "ZOrder = " & obj.ZOrder
' This would return an object so nonsensical to print it
' but is it just a reference to itself or some other object?
' If the latter, then what?
'
' Debug.Print "Object = " & obj.Object
' Not sure why this fails it should be a string, but it errors out.
'
' Debug.Print "SourceName = " & obj.SourceName
End Sub
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
The output to my immediate window is as follows:
AltHTML =
AutoLoad = False
Creator = 1480803660
Locked = True
Name = ShockwaveFlash2
OLEType = 2
ProgId = ShockwaveFlash.ShockwaveFlash.1
Verb = True
ZOrder = 1
Any comments are welcome!
Thanks,
Alan