[11443] in bugtraq
Re: Microsoft JET/Office Vulnerability Exploit
daemon@ATHENA.MIT.EDU (Ben Greenbaum)
Fri Aug 20 20:11:48 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.GSO.4.05.9908181255360.21491-100000@www.securityfocus.com>
Date: Wed, 18 Aug 1999 12:59:35 -0700
Reply-To: Ben Greenbaum <beng@SECURITYFOCUS.COM>
From: Ben Greenbaum <beng@SECURITYFOCUS.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <19990818122628.R16889@securityfocus.com>
Just a reminder, there are workarounds to solve this.
Cut-n-pasted from the vulnerability listing:
MDAC 2.1 includes the JET 4.0 driver which is not affected by this
vulnerability. It is available for download at:
http://www.microsoft.com/data/download.htm
Also, Wanderley J. Abreu Jr. <storm@UNIKEY.COM.BR> has written a
program that will search the registry and modify the EditFlags value for
DocObjects file types, setting the Confirm Open After Download value to
01. this means that these filetypes can no longer be silently downloaded
and opened. This can be downloaded from:
http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip
Ben Greenbaum
SecurityFocus
www.securityfocus.com
