MSNBC: Hole opens Office 97 users to hijackJul 30, 1999, 17:03 (16 Talkback[s])
(Other stories by Mark Stevenson)
"A vulnerability in Microsoft Office 97 can allow malicious code contained in an Excel 97 worksheet hidden in a Web page or sent in e-mail to take control of online computers without the victims' being aware, Microsoft confirmed..."
"THE VULNERABILITY IS CONTAINED in the Jet 3.51 driver (ODBCJT32.DLL) that was shipped with the popular Office 97 software suite."
"Juan Carlos G. Cuartango, a Spanish Web developer who has discovered other important security holes, reported the problem to the NTBugTraq mailing list Thursday afternoon. Later Thursday, the Microsoft Security Team confirmed the bug in a posting to the same list.
'If you open a malicious Excel worksheet implementing this vulnerability it will send shell commands to your operating system (Windows NT, 95 and 98 are all affected) that can: (infect) you (with) a virus, delete your disks, read your files,' Cuartango said in his posting to the list. '…(T)he worksheet will get full control over your machine.' "
0 Talkback[s] (click to add your comment)