nerdexam
GIAC

GCIH · Question #635

What is the danger of downloading an .XLSM file from a website that is considered trustworthy by the user?

The correct answer is D. It can run embedded code when opened by a user. An .XLSM file is an Excel Macro-Enabled Workbook that can contain embedded VBA macros, which execute code when the file is opened by a user regardless of the site's perceived trustworthiness.

Malware Analysis & Advanced Persistent Threats

Question

What is the danger of downloading an .XLSM file from a website that is considered trustworthy by the user?

Options

  • AIt is an invalid file extension that can run arbitrary code
  • BIt can execute code when saved on the host without requiring user interaction
  • CIt sends the user's OS and browser version information back to the website
  • DIt can run embedded code when opened by a user

How the community answered

(31 responses)
  • A
    3% (1)
  • B
    3% (1)
  • D
    94% (29)

Why each option

An .XLSM file is an Excel Macro-Enabled Workbook that can contain embedded VBA macros, which execute code when the file is opened by a user regardless of the site's perceived trustworthiness.

AIt is an invalid file extension that can run arbitrary code

.XLSM is a fully valid and well-documented Microsoft Office Open XML format - it is not an invalid extension, though its macro capability makes it dangerous.

BIt can execute code when saved on the host without requiring user interaction

Macro execution in .XLSM files requires the file to be opened by the user; simply saving the file to disk does not trigger any code execution.

CIt sends the user's OS and browser version information back to the website

The .XLSM format does not inherently include functionality to transmit browser version or OS information back to a web server - that is not a characteristic of this file type.

DIt can run embedded code when opened by a userCorrect

The .XLSM format (Excel Macro-Enabled Spreadsheet) natively supports embedded VBA macros. When a user opens the file, these macros can execute automatically (via Auto_Open or Workbook_Open events) or be triggered by user interaction, allowing malicious code to run. The site's trustworthiness does not sanitize the file contents, making even downloads from seemingly safe sites a risk.

Concept tested: Macro-enabled Office file format risks

Source: https://learn.microsoft.com/en-us/office/vba/library-reference/concepts/getting-started-with-vba-in-office

Topics

#malicious macros#XLSM#document-based malware#social engineering

Community Discussion

No community discussion yet for this question.

Full GCIH Practice