“A vulnerability in Microsoft Office 97 can allow malicious code
contained in an Excel 97 worksheet hidden in a Web page or sent in
e-mail to take control of online computers without the victims’
being aware, Microsoft confirmed…”
“THE VULNERABILITY IS CONTAINED in the Jet 3.51 driver
(ODBCJT32.DLL) that was shipped with the popular Office 97 software
suite.”
“Juan Carlos G. Cuartango, a Spanish Web developer who has
discovered other important security holes, reported the problem to
the NTBugTraq mailing list Thursday afternoon. Later Thursday, the
Microsoft Security Team confirmed the bug in a posting to the same
list.
‘If you open a malicious Excel worksheet implementing this
vulnerability it will send shell commands to your operating system
(Windows NT, 95 and 98 are all affected) that can: (infect) you
(with) a virus, delete your disks, read your files,’ Cuartango said
in his posting to the list. ‘…(T)he worksheet will get full
control over your machine.’ “