ITrain Homepage

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear



Popular Links
Speaking Engagements
Training Manuals
Certification
Train the Trainer
The Training Book
Technical Writing
Privacy Policy

Print this document

Google
Web ITrain.org

Open The Door To Crackers

Come in, come in, whoever you are...

ITinfo Sponsor

ERROR: Random File Unopenable

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

Excel 97 Left the Door Open to Crackers

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder A security flaw in Microsoft's Office 97 software allows a cracker (malicious cyber-attacker) to delete files or manipulate data of an Office 97 user, Microsoft has confirmed.

The point of attack comes through an ODBC driver in Excel 97, the spreadsheet program for Office 97. A malicious hacker can create an Excel spreadsheet that takes advantage of the opening in the database driver, letting him or her delete files or "perform other malicious acts," Microsoft said.

Office 97 users are vulnerable by opening an infected spreadsheet attached to either an email or hyperlink.

Microsoft's Response

Microsoft's response to this reported security hole reads, in part:

On July 27, 1999, Microsoft became aware of a security issue involving the ODBC database driver that is installed as a part of Excel 97. It is possible that a malicious coder could create an Excel 97 spreadsheet that exploits a vulnerability in this database driver to delete files and perform other malicious acts. A user could encounter this problem by opening a spreadsheet attached to an email message or linked from a Web site.

Office 97 applications, including Excel, warn users before running macros, and allow them to decide whether or not to disable the macros. However, this vulnerability is not associated with macros, and as a result, the user would not receive any warning upon opening the spreadsheet.

Microsoft takes all security issues seriously and is thoroughly investigating this issue. Although some reports have indicated that an updated version of the ODBC driver is currently available, this is not a recommended solution for this specific problem. Microsoft is currently testing a solution designed for all Office 97 customers, and will post it on this website shortly.

Note The issue does not affect users of Office 2000, which does not have this vulnerability.

Comments?

What are your comments? Are you worried about crackers attacking your system? Does Microsoft do an adequate job of securing its software against attack? Leave your comments on the message center.

Microsoft Response
Message Center

Subscribe to ITinfo.
Receive computing and Internet news & tips
by subscribing to the ITinfo information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

Copyright © 2000 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/1999/it990801.html
updated August 1, 1999