Bugtraq mailing list archives
Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability
From: storm () UNIKEY COM BR (Wanderley J. Abreu Jr.)
Date: Mon, 9 Aug 1999 21:41:48 -0300
Well... It's very pleasant to see that Microsoft is doing something about this issue, but...

1. My patch was made 6 days ago, and Jimmy Guse's patch (non-gui) was made about 3 days before my version was released. (Just in case, my patch is available at the Security Focus homepage: http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip)
2. This patch only works with MS documents, ignoring all the other types that could present the same trouble.
3. It changes all the 3rd bytes of EditFlags entries (all from MS Office documents which contain Docking Objects) to 00. It doesn't allow you to see what's happening, nor let you change a specific EditFlags value.
4. It doesn't include the source code (of course); my patch does (of course) =)
5. It doesn't show you the changes that were made.
6. You'll have to wait a week more to get the final MS patch (that probably won't correct the DocObject environment for other non-Microsoft products).

So perhaps to the general public this workaround could be something good. But to the members of this list (who might want something more complete and to see clearly what's happening inside their computers) Microsoft MUST do something... better... far better...

I think Microsoft should take a good look at the workarounds that we, the real users, have made and then search for the best solution.

Regards,
Wanderley
Current thread:
- Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability Wanderley J. Abreu Jr. (Aug 09)
- Re: Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability BUGTRAQ () SECURITYFOCUS COM Bronek Kozicki (Aug 11)
- <Possible follow-ups>
- Re: Some Thoughts About The "So Called" Excel97 ODBC Security Vulnerability Kuo, Jimmy (Aug 11)