Bugtraq mailing list archives

Re: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code Exe cuti on Vulnerability

From: WaltonK () OCIT CO SACRAMENTO CA US (Walton, Keith)
Date: Fri, 30 Jun 2000 10:06:41 -0700

Yes, it works on Windows 98. I have also discovered that there is an option
in Visio 2000 to disable macros. By default it is unchecked.

-----Original Message-----
From: Jensenne Roculan [mailto:jroculan () securityfocus com]
Sent: Friday, June 30, 2000 9:30 AM
To: Walton, Keith
Cc: 'vuldb () securityfocus com'
Subject: Re: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code
Executi on Vulnerability

Hi there Keith,

Thanks very much for the information.  You may want to post your
workaround to bugtraq (bugtraq () securityfocus com).  I tried this with
WinNT 4.0 and it seems to work, have you verified on Win 98?

Cheers,

Jensenne Roculan
SecurityFocus.com
http://www.securityfocus.com
(403) 213-3939 ext. 229

On Thu, 29 Jun 2000, Walton, Keith wrote:

Assigning a password to the Administrator user in Access 2000 will help
protect against this vulnerability. It will at least bring up a login

dialog

when it tries to open the database.

By the way, this flaw also works with Visio 2000. I don't know of any way

to

protect against this one.

Keith () Walton net <mailto:Keith () Walton net>
Programmer/Analyst

Current thread:

FW: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code Exe cuti on Vulnerability Walton, Keith (Jun 30)
- <Possible follow-ups>
- Re: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code Exe cuti on Vulnerability Walton, Keith (Jun 30)