OFF97: Office 97 ODBC Driver Vulnerability Security Update
ID: Q238445
|
The information in this article applies to:
-
Microsoft Office 97 for Windows
-
Microsoft ODBC Driver for Access, versions 2.0, 3.0, 3.5, 3.6
SUMMARY
Microsoft has become aware of a potential security issue involving a specific version of the Microsoft Access ODBC driver, which a malicious coder could theoretically exploit. This issue affects Microsoft Excel 97, as well as any program that makes use of the Microsoft Access ODBC driver version 3.5x or earlier and Microsoft Internet Information Server (IIS).
The Microsoft Access Open Database Connectivity (ODBC) driver versions 3.5x and earlier allow you to embed Microsoft Visual Basic for Applications commands into string expressions. These commands could include instructions to delete your files, or other such malicious acts. You could potentially encounter this problem by visiting a Web site that causes a spreadsheet to open, or by opening a spreadsheet that is attached to an e-mail.
An update is available that corrects this issue. See the More Information section of this article for information about how to download and install this update.
Note: Microsoft has released an updated version of the Office 97 ODBC Driver Vulnerability Security Update on October 11, 1999. The new update fixes an additional variant of the Text ISAM vulnerability.
MORE INFORMATION
Follow these steps to download and install this update:
Note: Microsoft recommends that all Office 97 and Excel 97 users update their systems with this security update. For corporate users, we recommend that you first contact your system administrators before applying any updates or patches.
- Point your Web browser to the following Web site:
http://officeupdate.microsoft.com/downloadDetails/excel97odbc.htm
- Click Download Now!. Click Save this program to disk and then click OK.
- Click Save.
- In Windows Explorer, double-click the JetCopkg.exe file.
- Click Yes when you are asked whtether or not to install this update.
- Click Yes to accept the License Agreement.
- Click OK in the alert that indicates that the installation was successful.
Note: This update also installs the Office Document Open Confirmation update. For additional information about the Office Document Open Confirmation update, point your Web browser to the following Microsoft Web site:
http://officeupdate.microsoft.com/downloadDetails/confirm.htm
REFERENCES
For additional information about this problem, click the article numbers below
to view the articles in the Microsoft Knowledge Base:
Q239104 Jet Expression Can Execute Unsafe Visual Basic for Application Functions
Q239105 Jet Expression Can Execute Unsafe Visual Basic for Application Functions
Additional query words:
jet OFF97 sp3
Keywords : kbdta
Version : WINDOWS:2.0,3.0,3.5,3.6,97
Platform : WINDOWS
Issue type : kbhowto