Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability

[storm () UNIKEY COM BR (Wanderley J. Abreu Jr.)]

Well... It's very pleasant to see that Microsoft is doing something about
this issue, but...

1. My patch was made 6 days ago, and Jimmy Guse's patch (non-gui) was made
about 3 days before my version was released. (Just in case, my patch is
available at security focus homepage
http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip)

2. This patch only works with MS documents, ignoring all the other types
that could present the same trouble.

3. It changes All the 3rd Bytes of EditFlags Entries (All from MS Office
documents which contain Docking Objects) to 00. It doesn't allow you to see
what's happening, nor let you change an specific EditFlags Value.

4. It doesn't include the source code (Of Course), my patch does (Of Course)
=)

5. It doesn't show you the changes that were made.

6. You'll have to wait a week more to get the final MS-patch (that probably
won't correct the DocObject enviroment for other non-microsoft products).

               So perhaps to the general public this workaround could be
something good. But to the members of this list ( who might want something
more complete and see clearly what's happening inside their computers)
Microsoft MUST do something... better.... far better...
                I Think Microsoft should take a good look at the workarounds
that we, the real users, have made and then search for the best solution.

Regards,
        Wanderley