Re: Microsoft JET/Office Vulnerability Exploit

From: Ben Greenbaum (bengat_private)
Date: Wed Aug 18 1999 - 12:59:35 PDT

Next message: hexeditat_private: "Jet 3.51 Vul / Office 97"

Previous message: Thomas Biege: "Re: midnight commander vulnerability(?)"
Maybe in reply to: Elias Levy: "Microsoft JET/Office Vulnerability Exploit"
Next in thread: Russ: "Re: Microsoft JET/Office Vulnerability Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Just a reminder, there are workarounds to solve this.
Cut-n-pasted from the vulnerability listing:

MDAC 2.1 includes the JET 4.0 driver which is not affected by this
 vulnerability. It is available for download at:
 http://www.microsoft.com/data/download.htm

 Also, Wanderley J. Abreu Jr. <stormat_private> has written a
 program that will search the registry and modify the EditFlags value for
 DocObjects file types, setting the Confirm Open After Download value to
 01. this means that these filetypes can no longer be silently downloaded
 and opened. This can be downloaded from:
 http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip

Ben Greenbaum
SecurityFocus
www.securityfocus.com

Next message: hexeditat_private: "Jet 3.51 Vul / Office 97"
Previous message: Thomas Biege: "Re: midnight commander vulnerability(?)"
Maybe in reply to: Elias Levy: "Microsoft JET/Office Vulnerability Exploit"
Next in thread: Russ: "Re: Microsoft JET/Office Vulnerability Exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:57:18 PDT