INFO: Security Patch Available for Forms 2.0 ActiveX Control

• Microsoft Visual Basic Learning, Professional, and Enterprise Editions for Windows, versions 5.0, 6.0

SUMMARY

Microsoft has released a fully-supported patch that fixes a vulnerability in the Forms 2.0 ActiveX control. This control is distributed in any application that includes Visual Basic for Applications 5.0.

You can download the Forms 2.0 Security Patch from the Microsoft Office Update Page.

The next section explains the security vulnerability and the updated files in the patch.

MORE INFORMATION

The Forms 2.0 ActiveX control has a vulnerability that allows text to be pasted from a user's Clipboard into a Forms 2.0 Text Box or Combo Box. A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a Web site or opens a HTML e-mail created by the hacker.

The Forms 2.0 Security Patch prevents a hacker from exploiting this vulnerability.

The Forms 2.0 Security Patch is a fully-supported patch. If you have problems installing this patch or require technical assistance with this patch, please contact: Microsoft Technical Support.

REFERENCES

For additional information about Forms 2.0 Security Patch, please see the following:

Microsoft Security Bulletin (MS99-001) Patch Available for exposure in Forms 2.0 TextBox Control
that allows data to be read from user's Clipboard.

Q214757 OFF97: Forms 2.0 (Fm20*.dll) ActiveX Control Security Fix

Additional query words:

Keywords : kbfile kbAAcc kbSecurity KbVBA kbVBp500 kbVBp600 kbGrpVB
Version : WINDOWS:5.0,6.0
Platform : WINDOWS
Issue type : kbinfo