Just a reminder, there are workarounds to solve this. Cut-n-pasted from the vulnerability listing: MDAC 2.1 includes the JET 4.0 driver which is not affected by this vulnerability. It is available for download at: http://www.microsoft.com/data/download.htm Also, Wanderley J. Abreu Jr. <stormat_private> has written a program that will search the registry and modify the EditFlags value for DocObjects file types, setting the Confirm Open After Download value to 01. this means that these filetypes can no longer be silently downloaded and opened. This can be downloaded from: http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip Ben Greenbaum SecurityFocus www.securityfocus.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:18 PDT