OFF97: Office 97 ODBC Driver Vulnerability Security Update (238445)
The information in this article applies to:
- Microsoft Office 97 for Windows
- Microsoft ODBC Driver for Access 2.0
- Microsoft ODBC Driver for Access 3.0
- Microsoft ODBC Driver for Access 3.5
- Microsoft ODBC Driver for Access 3.6
This article was previously published under Q238445 SUMMARY Microsoft has become aware of a potential security issue
involving a specific version of the Microsoft Access ODBC driver, which a
malicious coder could theoretically exploit. This issue affects Microsoft Excel
97, as well as any program that makes use of the Microsoft Access ODBC driver
version 3.5x or earlier and Microsoft Internet Information Server
(IIS).
The Microsoft Access Open Database Connectivity (ODBC) driver
versions 3.5x and earlier allow you to embed Microsoft Visual Basic for
Applications commands into string expressions. These commands could include
instructions to delete your files or other such malicious acts. You could
potentially encounter this problem by visiting a Web site that causes a
spreadsheet to open or by opening a spreadsheet that is attached to an
e-mail.
An update is available that corrects this issue. See the
"More Information" section of this article for information about how to
download and install this update.
NOTE: Microsoft released an updated version of the Office 97 ODBC
Driver Vulnerability Security Update on October 11, 1999. The new update fixes
an additional variant of the Text ISAM vulnerability.
NOTE: It is not necessary to install this update on Windows 2000.
REFERENCESFor additional information about this problem, click the
article numbers below to view the articles in the Microsoft Knowledge Base: 239104 Jet Expression Can Execute Unsafe Visual Basic for Application Functions
239105 Jet Expression Can Execute Unsafe Visual Basic for Application Functions
Modification Type: | Minor | Last Reviewed: | 11/22/2005 |
---|
Keywords: | kbdownload kbhowto kbofficeupdate KB238445 |
---|
|