ACC2000: Jet 4.0 Expression Can Execute Unsafe Visual Basic for Applications Functions

ID: Q239482


The information in this article applies to:
  • Microsoft Access 2000
  • Microsoft ODBC Driver for Access, version 4.0
  • Microsoft Office 2000 Professional

Moderate: Requires basic macro, coding, and interoperability skills.

This article applies only to a Microsoft Access database (.mdb).


SYMPTOMS

Using Jet 4.x, a user is able to call unsafe Visual Basic for Applications functions in query statements from Microsoft Access. For example, the following statement would result in all files being deleted from a computer's current folder:

   SELECT Shell("Cmd /c del *.*") As c1 From Customers

NOTE: The Shell command in this example works in Microsoft Windows NT. The command would have to be modified as follows to work on a computer running Microsoft Windows 95/98:

   SELECT Shell("Command.com /c del *.*") As c1 From Customers

The security risk arises when an expression contains a Visual Basic for Applications command that can harm the computer running the query, for example, a Shell command that deletes files or formats a disk.


CAUSE

Jet queries can contain Visual Basic for Applications expressions. These are evaluated during query execution, a behavior that is desirable in many circumstances. However, if the query contains a call to the Shell function, that call is parsed and executed on the computer that runs the query.

Jet can block such operations; this is called "Sandbox mode." However, by default in Microsoft Jet 4.0, Sandbox mode is not enabled for queries that are run in Microsoft Access. It is enabled by default for non-Access applications, such as ODBC clients.


RESOLUTION

Microsoft recommends that you first install the latest release of Microsoft Data Access Components (MDAC), version 2.1.2.4202.3 (GA). You can download MDAC 2.1.2.4202.3 (GA) from the following Microsoft Web site:

   http://www.microsoft.com/data

Next, in order to enable Sandbox mode for non-Access applications, install the Microsoft Jet 4.0 SP3 update. After you install this update, the next time that you run Jet, a new registry key is added to the registry. You can use this new registry key to control Sandbox mode and thereby prevent this type of security risk. The following is the registry key that is added:

   \\HKEY_LOCAL_MACHINE\Software\Microsoft\Jet\4.0\engines\SandboxMode

For additional information about how to obtain the Microsoft Jet 4.0 SP3 update, please click the article number below to view the article in the Microsoft Knowledge Base:

   Q239114 ACC2000: Updated Version of Microsoft Jet 4.0 Available on MSL

To make your system more resistant to malicious attacks while still allowing older applications to keep running, the operation of Sandbox mode has changed in the Jet update so that it is fully under your control.

You can set the key to the following values, with 0 (zero) being most permissive and 3 being least permissive:

   Setting   Description
   -------   ---------------------------------------------------------------------------------------
   0         Sandbox mode is disabled at all times.
   1         Sandbox mode is used for Access applications, but not for non-Access applications.
   2         Sandbox mode is used for non-Access applications, but not for Access applications. (This is the default value.)
   3         Sandbox mode is used at all times.


STATUS

Microsoft has confirmed this to be a problem in the Microsoft products listed at the beginning of this article.


MORE INFORMATION

With Sandbox mode enabled, if a Jet 4.0 query calls a Visual Basic for Applications function that is not considered safe, you receive the following error message:

JET_errExprUnknownFunction

Sandbox Mode Operations Allowed

The following is a list of functions that you can use in Jet queries when Sandbox mode is enabled. Any functions that do not appear in the list are not available in Sandbox mode.

ABS array ASC ASCB ASCW ATN
CBOOL CBYTE CCUR CDATE CDBL choose
CHR CHR$ CHRB CHRB$ CHRW CHRW$
CINT CLNG COS CSNG CSTR CVAR
CvDate CVErr date DATE$ DATEADD dateDiff
datePart DATESERIAL DATEVALUE day DDB error
error$ EXP fix format format$ fv
hex hex$ HOUR IIF IMEStatus inStr
INT IPMT IRR isDate isEmpty ISERROR
isNull isNumeric isObject lCase lCase$ LEFT
LEFT$ LEFTB LEFTB$ LEN LENB LOG
lTrim lTrim$ MID MID$ MIDB MIDB$
MINUTE MIRR MONTH NOW NPER NPV
oct oct$ partition PMT PPMT PV
QBColor RATE RGB RIGHT RIGHT$ RIGHTB
RIGHTB$ rnd round rTrim rTrim$ SECOND
sgn SIN SLN space space$ sqr
str str$ strComp strConv string string$
switch SYD TAN TIME TIME$ timer
timeSerial TIMEVALUE TRIM TRIM$ typeName uCase
uCase$ val varType WEEKDAY YEAR
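As an added illustration (not part of the original article), the following Python script applies the two rules this article gives: the SandboxMode value table in the RESOLUTION section and the list of functions permitted under Sandbox mode above. It extracts the function calls from a Jet SQL statement, reports any that are not on the permitted list, and, given the SandboxMode value and whether the caller is Access, states whether Jet would reject the query with JET_errExprUnknownFunction or run it unsandboxed. The set of Jet SQL aggregate and keyword names it skips, the helper names, and the sample queries other than the article's own Shell example are this example's assumptions; read_sandbox_mode reads the article's registry key on Windows and falls back to the documented default of 2 elsewhere.

```python
import re
from typing import List, Tuple

# Functions the article lists as callable under Sandbox mode.
# Jet SQL and VBA names are case-insensitive, so everything is lower-cased.
SANDBOX_ALLOWED = {name.lower() for name in """
Abs Array Asc AscB AscW Atn CBool CByte CCur CDate CDbl Choose
Chr Chr$ ChrB ChrB$ ChrW ChrW$ CInt CLng Cos CSng CStr CVar
CVDate CVErr Date Date$ DateAdd DateDiff DatePart DateSerial DateValue Day DDB Error
Error$ Exp Fix Format Format$ FV Hex Hex$ Hour IIf IMEStatus InStr
Int IPmt IRR IsDate IsEmpty IsError IsNull IsNumeric IsObject LCase LCase$ Left
Left$ LeftB LeftB$ Len LenB Log LTrim LTrim$ Mid Mid$ MidB MidB$
Minute MIRR Month Now NPer NPV Oct Oct$ Partition Pmt PPmt PV
QBColor Rate RGB Right Right$ RightB RightB$ Rnd Round RTrim RTrim$ Second
Sgn Sin SLN Space Space$ Sqr Str Str$ StrComp StrConv String String$
Switch SYD Tan Time Time$ Timer TimeSerial TimeValue Trim Trim$ TypeName UCase
UCase$ Val VarType Weekday Year
""".split()}

# Assumption (not from the article): Jet SQL aggregates and keywords that are
# followed by "(" but are not VBA functions, so they must not be flagged.
_JET_SQL_BUILTINS = {"count", "sum", "avg", "min", "max", "first", "last",
                     "stdev", "stdevp", "var", "varp", "in", "exists", "not",
                     "from", "where", "select", "on", "and", "or"}

# An identifier (optionally ending in "$", as in Format$) followed by "(".
_CALL = re.compile(r"\b([A-Za-z_][A-Za-z0-9_]*\$?)\s*\(")
# String literals are blanked first so that text inside quotes is never scanned.
_STRING = re.compile(r'"[^"]*"|\'[^\']*\'')


def called_functions(sql: str) -> List[str]:
    """Distinct function names called in a Jet SQL statement, in order of appearance."""
    stripped = _STRING.sub('""', sql)
    seen, found = set(), []
    for name in _CALL.findall(stripped):
        key = name.lower()
        if key in _JET_SQL_BUILTINS or key in seen:
            continue
        seen.add(key)
        found.append(name)
    return found


def unsafe_functions(sql: str) -> List[str]:
    """Called functions that are not on the article's Sandbox-mode list."""
    return [f for f in called_functions(sql) if f.lower() not in SANDBOX_ALLOWED]


def sandbox_applies(mode: int, from_access: bool) -> bool:
    """Map the SandboxMode registry value (0-3) to whether Sandbox mode is in force for this caller."""
    if mode not in (0, 1, 2, 3):
        raise ValueError("SandboxMode must be 0, 1, 2 or 3, got %r" % (mode,))
    # 0: never, 1: Access only, 2: non-Access only (default), 3: always.
    return {0: False, 1: from_access, 2: not from_access, 3: True}[mode]


def evaluate(sql: str, mode: int, from_access: bool) -> Tuple[str, List[str]]:
    """Outcome for a query under a given SandboxMode value.

    Returns ("ok", []) when only listed functions are called,
    ("JET_errExprUnknownFunction", names) when Sandbox mode blocks the query,
    and ("unsandboxed", names) when unlisted functions would execute because
    Sandbox mode is not in force for this caller.
    """
    bad = unsafe_functions(sql)
    if not bad:
        return ("ok", [])
    if sandbox_applies(mode, from_access):
        return ("JET_errExprUnknownFunction", bad)
    return ("unsandboxed", bad)


def read_sandbox_mode(default: int = 2) -> int:
    """Read HKLM\\Software\\Microsoft\\Jet\\4.0\\engines\\SandboxMode on Windows.

    Returns `default` (the article's documented default) on other platforms or
    when the value is absent, i.e. before the Jet 4.0 SP3 update has run.
    """
    try:
        import winreg  # Windows only
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            r"Software\Microsoft\Jet\4.0\engines") as key:
            value, _ = winreg.QueryValueEx(key, "SandboxMode")
            return int(value)
    except (ImportError, OSError):
        return default


if __name__ == "__main__":
    # Constructed sample queries; the first is the article's own example.
    samples = [
        'SELECT Shell("Cmd /c del *.*") As c1 From Customers',
        'SELECT UCase$(Left(CompanyName, 3)) As Code, Format(OrderDate, "yyyy") As Yr FROM Customers',
        'SELECT Count(*) As n, Len("Shell(x)") As l FROM Customers',
    ]
    mode = read_sandbox_mode()
    for q in samples:
        for from_access in (True, False):
            print(mode, "Access" if from_access else "ODBC", evaluate(q, mode, from_access), q)
```

Under the default value of 2 the script reports the article's Shell query as "unsandboxed" when run from Access and as JET_errExprUnknownFunction when run through ODBC; setting the key to 3 yields the error for both callers, which is the hardening the article offers.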

Additional query words: pra

Keywords : kbdta
Version : WINDOWS:2000,4.0; :
Platform : WINDOWS
Issue type : kbbug


Last Reviewed: September 8, 1999
© 2000 Microsoft Corporation. All rights reserved.