Microsoft KB Archive/238445

= OFF97: Office 97 ODBC Driver Vulnerability Security Update =

Article ID: 238445

Article Last Modified on 11/22/2005

-

APPLIES TO


 * Microsoft Office 97 Standard Edition
 * Microsoft Open Database Connectivity Driver for Access 2.0
 * Microsoft Open Database Connectivity Driver for Access 3.0
 * Microsoft Open Database Connectivity Driver for Access 3.5
 * Microsoft Open Database Connectivity Driver for Access 3.6

-



This article was previously published under Q238445





SUMMARY
Microsoft has become aware of a potential security issue involving a specific version of the Microsoft Access ODBC driver, which a malicious coder could theoretically exploit. This issue affects Microsoft Excel 97, as well as any program that makes use of the Microsoft Access ODBC driver version 3.5x or earlier and Microsoft Internet Information Server (IIS).

The Microsoft Access Open Database Connectivity (ODBC) driver versions 3.5x and earlier allow you to embed Microsoft Visual Basic for Applications commands into string expressions. These commands could include instructions to delete your files or other such malicious acts. You could potentially encounter this problem by visiting a Web site that causes a spreadsheet to open or by opening a spreadsheet that is attached to an e-mail.

An update is available that corrects this issue. See the "More Information" section of this article for information about how to download and install this update.

NOTE: Microsoft released an updated version of the Office 97 ODBC Driver Vulnerability Security Update on October 11, 1999. The new update fixes an additional variant of the Text ISAM vulnerability.

NOTE: It is not necessary to install this update on Windows 2000.



MORE INFORMATION
Follow these steps to download and install this update:

NOTE: Microsoft recommends that all Office 97 and Excel 97 users update their systems with this security update. For corporate users, it is recommended that you first contact your system administrators before applying any updates or patches.  Point your Web browser to the following Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=3EFBE71A-00BB-48CE-930A-47FB9827E1E7&displaylang=EN

 Click Download Now!. Click Save this program to disk and then click OK. Click Save. In Windows Explorer, double-click the JetCopkg.exe file. Click Yes when you are asked whtether or not to install this update. Click Yes to accept the License Agreement.</li> Click OK in the alert that indicates that the installation was successful.</li></ol>

NOTE: This update also installs the Office Document Open Confirmation update. For additional information about the Office Document Open Confirmation update, point your Web browser to the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=8B5762D2-077F-4031-9EE6-C9538E9F2A2F&displaylang=EN

<div class="references_section">