Security Holes Found In Microsoft Easter Eggs
REDMOND, WA -- It's damage control time for the Microsoft Marketing
Machine. Not only have exploits been found in IE, Outlook, and even the
Dancing Paper Clip, but now holes have been uncovered in Excel's Flight
Simulator and Word's pinball game.
"If you enter Excel 97's flight simulator and then hit the F1, X, and
SysRq keys while reading a file from Drive A:, you automatically gain
Administrator rights on Windows NT," explained the security expert who
first discovered the problem. "And that's just the tip of the iceberg."
Office 97 and 2000 both contain two hidden DLLs, billrulez.dll and
eastereggs.dll, that are marked as "Safe for scripting" but are not.
Arbitrary Visual BASIC code can be executed using these files. More
disturbing, however, are the undocumented API calls
"ChangeAllPasswordsToDefault", "OpenBackDoor", "InitiateBlueScreenNow",
and "UploadRegistryToMicrosoft" within easter~1.dll.
Microsoft spokesdroids have already hailed the problem as "an
insignificant byproduct of Microsoft innovation."