Microsoft KB Archive/238445

From BetaArchive Wiki
Knowledge Base


OFF97: Office 97 ODBC Driver Vulnerability Security Update

Article ID: 238445

Article Last Modified on 11/22/2005


APPLIES TO

  • Microsoft Office 97 Standard Edition
  • Microsoft Open Database Connectivity Driver for Access 2.0
  • Microsoft Open Database Connectivity Driver for Access 3.0
  • Microsoft Open Database Connectivity Driver for Access 3.5
  • Microsoft Open Database Connectivity Driver for Access 3.6


This article was previously published under Q238445


SUMMARY

Microsoft has become aware of a potential security issue involving a specific version of the Microsoft Access ODBC driver, which a malicious coder could theoretically exploit. This issue affects Microsoft Excel 97, as well as any program that makes use of the Microsoft Access ODBC driver version 3.5x or earlier and Microsoft Internet Information Server (IIS).

The Microsoft Access Open Database Connectivity (ODBC) driver versions 3.5x and earlier allow you to embed Microsoft Visual Basic for Applications commands into string expressions. These commands could include instructions to delete your files or other such malicious acts. You could potentially encounter this problem by visiting a Web site that causes a spreadsheet to open or by opening a spreadsheet that is attached to an e-mail.

An update is available that corrects this issue. See the "More Information" section of this article for information about how to download and install this update.

NOTE: Microsoft released an updated version of the Office 97 ODBC Driver Vulnerability Security Update on October 11, 1999. The new update fixes an additional variant of the Text ISAM vulnerability.

NOTE: It is not necessary to install this update on Windows 2000.

MORE INFORMATION

Follow these steps to download and install this update:

NOTE: Microsoft recommends that all Office 97 and Excel 97 users update their systems with this security update. For corporate users, it is recommended that you first contact your system administrators before applying any updates or patches.

  1. Point your Web browser to the following Web site:

    http://www.microsoft.com/downloads/details.aspx?FamilyID=3EFBE71A-00BB-48CE-930A-47FB9827E1E7&displaylang=EN

  2. Click Download Now!. Click Save this program to disk and then click OK.
  3. Click Save.
  4. In Windows Explorer, double-click the JetCopkg.exe file.
  5. Click Yes when you are asked whtether or not to install this update.
  6. Click Yes to accept the License Agreement.
  7. Click OK in the alert that indicates that the installation was successful.

NOTE: This update also installs the Office Document Open Confirmation update. For additional information about the Office Document Open Confirmation update, point your Web browser to the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyID=8B5762D2-077F-4031-9EE6-C9538E9F2A2F&displaylang=EN


REFERENCES

For additional information about this problem, click the article numbers below to view the articles in the Microsoft Knowledge Base:

239104 Jet Expression Can Execute Unsafe Visual Basic for Application Functions


239105 Jet Expression Can Execute Unsafe Visual Basic for Application Functions



Additional query words: jet OFF97 sp3

Keywords: kbdownload kbhowto kbofficeupdate KB238445



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/238445&oldid=373677
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki