Return To Home Page Search Fire Products, Services and others Overview of the Site Design and Build a Career Contact us for customer service and other feedback info Prognet Privacy Statement

Click here to view product details, fire framework, screen shots, Y2K statement, etc.Download fire evaluation copy, updates, upgrades, user manual, free utils and lot more.Customers can enjoy technical support, security tips, FAQ, free virus alert mail, etc. Online ordering, renewal form and upgrade details.Resellers, dealers and distributors can enter here.Click here to view latest virus alerts, virus information center, virus calendar, etc.Latest news and other press releases.About Prognet Technologies Pvt. Ltd, technical team, clients, events and lot more.

 

SECURITY HOLE IN MS-OFFICE

..............A vulnerability in an MS Office 97 driver makes it possible for users to become infected by a virus or trojan simply by opening an e-mail message or visiting a Web page.

..............The vulnerability lies in the existence of a malicious spreadsheet that can take total control of infected machines running under Windows. In other words, opening this malignant Excel worksheet will enable it to perform actions such as copying files, deleting them, sending them to a server, etc. The seriousness of the problem resides in that the Excel sheet does not contain any macros, which means that users will not be alerted and the malicious code will be executed without their being able to prevent it in any way. Users may not even become aware that they are under attack.

..............This security hole is possible because of an ODBC (Open DataBase Connectivity) problem with the Jet 3.51 driver (located in ODBCJT32.DLL) shipped with MS Office 97, and which permits the malicious Excel spreadsheet to run commands without having to use macros.

..............The use of this vulnerability together with some kind of virus or trojan makes things even worse. All that would be needed is a document programmed to copy the virus or trojan over to the system and to execute it. It would even be possible to create a sheet that could automatically send the infected file to other users. In the case of trojan horses, the author of the attack could have hundreds of machines under his control in a matter of minutes.

..............The problem is made worse by the fact that it can be executed through the Internet. The infected file may be executed through the Internet by means of a hidden frame such as <IFRAME SRC=malicious.XLS>. If a user visits a page created in this way, the malicious web master will be able to obtain total control over the visitor's system. Thanks to the support modern e-mail readers provide to read HTML messages, all that is needed to be infected is to open an e-mail message (providing you are connected to the Internet and have enabled the HTML support option).

..............Of course, the infected spreadsheet may be sent 'as is', that is as an XLS document attached to an e-mail message. In this case, for the vulnerability to be exploited, the user would have to open the file. Although this security hole has only been confirmed for Excel spreadsheets, it is suspected that the vulnerability also exists with Word documents.

How can I protect my system?

..............To find out if you are affected by this vulnerability, consult the version of your Jet Driver (ODBCJT32.DLL). To do this in Windows 95/98 systems, proceed as follows:

- In the Start menu, select Find, then Files or Folders. In the dialog box that appears, enter ODBCJT32.DLL and click Find Now.

- In the list of results, select ODBCJT32.DLL. Right-click on the file name and select 'Properties' from the contextual menu.

- In the 'Properties' window, select the 'Version' tab. Under 'Item name', choose 'Product Version', next to which a value will be displayed.

If the version is shown as 3.51.xxx, then you are affected by the vulnerability. To fix this, download MDAC 2.1 from http://www.microsoft.com/data/ and install it immediately, as this includes an updated error-free version of the driver in question.

Go to top of the page
Bottom image.