[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities

To: Steve Shockley <steve.shockley@xxxxxxxxxxxx>
Subject: Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
From: Son SonOfLilit <sonoflilit@xxxxxxxxx>
Date: Mon, 4 Apr 2005 20:23:29 +0200

Or perhaps you have some macros running on every file (WordXP throws
me a warning every time I open a DOC since I installed MathType, which
extends Office through VBA scripts. Guess WordXP has some kind of
".login" / "autoexec.bat" file - a "initialization" script, that
MathType hooks up through... Never bothered to research into it)

(Sorry for the empty mail I mistakenly sent earlier)

On Apr 3, 2005 7:13 PM, Steve Shockley <steve.shockley@xxxxxxxxxxxx> wrote:
> Denis Jedig wrote:
> > Newer Access versions throw a security warning if the VBA code is not
> > signed and let the user disable VBA execution. The issue highlighted by
> > hexview is able to circumvent this security-related feature.
> 
> Access 2003 on WinXP SP2 throws a security warning when I open any
> Access file, even one without VBA.  I believe that's new with WinXP SP2.
>

References:
- [HV-HIGH] Microsoft Jet DB engine vulnerabilities
  - From: vuln
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
  - From: Thor (Hammer of God)
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
  - From: Denis Jedig
- Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
  - From: Steve Shockley

Prev by Date: Disclosure of AS/400 user accounts via the FTP server
Next by Date: Re: Solaris 10 Containers / Zones Security Flaw
Previous by thread: Re: [HV-HIGH] Microsoft Jet DB engine vulnerabilities
Next by thread: Reverse shell using netcat on AS/400
Index(es):
- Date
- Thread