“On one hand, the Office 97 vulnerability revealed last week
turns out to be as big a breach as could be imagined. Simply
by opening an e-mail, or even previewing one, a victim could have
all files snooped by an intruder, even have his or her hard drive
erased. And it turns out a fix for the flaw is still at least a
week away. On the other hand, there have been no victims
— so how bad could the problem really be? For now, the race
is on to create and disseminate a fix before an ill-intentioned
hacker figures out how to take advantage.”
” ‘This is the ‘Good Times’ virus hoax come to life,’ said
security expert Russ Cooper, who runs the popular security mailing
list NTBugtraq. Good Times is one of the longest-running Net hoaxes
— it suggests that simply reading an e-mail with the subject
line ‘Good Times’ can destroy a victim’s computer. That was just a
myth.
But Cooper says he and at least one other person can do to your
computer what Good Times was purported to do. The other is Juan
Carlos G. Cuartango, a Spanish Web developer who discovered the
so-called ‘ODBC driver’ vulnerability.”
” ‘I can send you an e-mail that will reformat your hard disk
when you open it,’ Cooper said. He claims 90 percent of users with
Office 97 are vulnerable. … To see if you are, search your hard
drive for a file named ODBCJT32.DLL. When you locate it,
right-click on it and select properties, then version. If the
version number starts with 3.51 or lower, you are vulnerable.”