[15575] in bugtraq
Re: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code Exe
daemon@ATHENA.MIT.EDU (Walton, Keith)
Fri Jun 30 17:53:35 2000
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-ID: <CDE4462B243ED311991D00902754E089AF27C9@cosp-m-exch01.co.sacramento.ca.us>
Date: Fri, 30 Jun 2000 10:06:41 -0700
Reply-To: "Walton, Keith" <WaltonK@OCIT.CO.SACRAMENTO.CA.US>
From: "Walton, Keith" <WaltonK@OCIT.CO.SACRAMENTO.CA.US>
X-To: Jensenne Roculan <jroculan@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM
Yes, it works on Windows 98. I have also discovered that there is an option
in Visio 2000 to disable macros. By default it is unchecked.
-----Original Message-----
From: Jensenne Roculan [mailto:jroculan@securityfocus.com]
Sent: Friday, June 30, 2000 9:30 AM
To: Walton, Keith
Cc: 'vuldb@securityfocus.com'
Subject: Re: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code
Executi on Vulnerability
Hi there Keith,
Thanks very much for the information. You may want to post your
workaround to bugtraq (bugtraq@securityfocus.com). I tried this with
WinNT 4.0 and it seems to work, have you verified on Win 98?
Cheers,
Jensenne Roculan
SecurityFocus.com
http://www.securityfocus.com
(403) 213-3939 ext. 229
On Thu, 29 Jun 2000, Walton, Keith wrote:
> Assigning a password to the Administrator user in Access 2000 will help
> protect against this vulnerability. It will at least bring up a login
dialog
> when it tries to open the database.
>
> By the way, this flaw also works with Visio 2000. I don't know of any way
to
> protect against this one.
>
> Keith@Walton.net <mailto:Keith@Walton.net>
> Programmer/Analyst
>
