Bugtraq mailing list archives
Re: Microsoft JET/Office Vulnerability Exploit
From: beng () SECURITYFOCUS COM (Ben Greenbaum)
Date: Wed, 18 Aug 1999 12:59:35 -0700
Just a reminder, there are workarounds to solve this. Cut-n-pasted from the vulnerability listing: MDAC 2.1 includes the JET 4.0 driver which is not affected by this vulnerability. It is available for download at: http://www.microsoft.com/data/download.htm Also, Wanderley J. Abreu Jr. <storm () UNIKEY COM BR> has written a program that will search the registry and modify the EditFlags value for DocObjects file types, setting the Confirm Open After Download value to 01. this means that these filetypes can no longer be silently downloaded and opened. This can be downloaded from: http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip Ben Greenbaum SecurityFocus www.securityfocus.com
Current thread:
- Microsoft JET/Office Vulnerability Exploit Elias Levy (Aug 18)
- Re: Microsoft JET/Office Vulnerability Exploit Ben Greenbaum (Aug 18)
- Jet 3.51 Vul / Office 97 hexedit () POREIA COM (Aug 18)
- <Possible follow-ups>
- Re: Microsoft JET/Office Vulnerability Exploit Russ (Aug 18)
- Re: Microsoft JET/Office Vulnerability Exploit Elias Levy (Aug 18)
- Administrivia Elias Levy (Aug 18)
- Microsoft JET/Office Vulnerability Exploit Ollie Whitehouse (Aug 19)
- Re: Microsoft JET/Office Vulnerability Exploit Russ (Aug 19)