Linux Today: Linux News On Internet Time.

MSNBC: Race is on to fix Office flaw

Aug 16, 1999, 21:36 (7 Talkback[s])
(Other stories by Bob Sullivan)

"On one hand, the Office 97 vulnerability revealed last week turns out to be as big a breach as could be imagined. Simply by opening an e-mail, or even previewing one, a victim could have all files snooped by an intruder, even have his or her hard drive erased. And it turns out a fix for the flaw is still at least a week away. On the other hand, there have been no victims — so how bad could the problem really be? For now, the race is on to create and disseminate a fix before an ill-intentioned hacker figures out how to take advantage."

" 'This is the 'Good Times' virus hoax come to life,' said security expert Russ Cooper, who runs the popular security mailing list NTBugtraq. Good Times is one of the longest-running Net hoaxes — it suggests that simply reading an e-mail with the subject line 'Good Times' can destroy a victim's computer. That was just a myth.

But Cooper says he and at least one other person can do to your computer what Good Times was purported to do. The other is Juan Carlos G. Cuartango, a Spanish Web developer who discovered the so-called 'ODBC driver' vulnerability."

" 'I can send you an e-mail that will reformat your hard disk when you open it,' Cooper said. He claims 90 percent of users with Office 97 are vulnerable. ... To see if you are, search your hard drive for a file named ODBCJT32.DLL. When you locate it, right-click on it and select properties, then version. If the version number starts with 3.51 or lower, you are vulnerable."

Complete Story

Related Stories: