|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: FW: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code Exe cuti on Vulnerability
From: Walton, Keith (WaltonK
OCIT.CO.SACRAMENTO.CA.US)Date: Fri Jun 30 2000 - 11:46:33 CDT
- Next message: Mike Eldridge: "Re: ftpd: the advisory version"
- Previous message: Paul Starzetz: "Re: Buggy ARP handling in Windoze"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
See bottom of message for a workaround for this vulnerability.
-----Original Message-----
From: Jensenne Roculan [mailto:jroculansecurityfocus.com]
Sent: Friday, June 30, 2000 9:30 AM
To: Walton, Keith
Cc: 'vuldbsecurityfocus.com'
Subject: Re: Microsoft Internet Explorer 5.01 and Access 2000 VBA Code
Executi on Vulnerability
Hi there Keith,
Thanks very much for the information. You may want to post your
workaround to bugtraq (bugtraqsecurityfocus.com). I tried this with
WinNT 4.0 and it seems to work, have you verified on Win 98?
Cheers,
Jensenne Roculan
SecurityFocus.com
http://www.securityfocus.com
(403) 213-3939 ext. 229
On Thu, 29 Jun 2000, Walton, Keith wrote:
> Assigning a password to the Administrator user in Access 2000 will help
> protect against this vulnerability. It will at least bring up a login
dialog
> when it tries to open the database.
>
> By the way, this flaw also works with Visio 2000. I don't know of any way
to
> protect against this one.
>
> KeithWalton.net <mailto:KeithWalton.net>
> Programmer/Analyst
>
- Next message: Mike Eldridge: "Re: ftpd: the advisory version"
- Previous message: Paul Starzetz: "Re: Buggy ARP handling in Windoze"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]