XL97: Potential Security Issue with Microsoft Access ODBC Driver

ID: Q238445

The information in this article applies to:

Microsoft Excel 97 for Windows
Microsoft ODBC Driver for Access, versions 2.0, 3.0, 3.5, 3.6

SUMMARY

Microsoft has become aware of a potential security issue involving a specific version of the Microsoft Access ODBC driver, which a malicious coder could theoretically exploit. This issue affects Microsoft Excel 97, as well as any program that makes use of the Microsoft Access ODBC driver version 3.5x or earlier and Microsoft Internet Information Server (IIS).

The Microsoft Access Open Database Connectivity (ODBC) driver versions 3.5x and earlier allow you to embed Microsoft Visual Basic for Applications commands into string expressions. These commands could include instructions to delete your files, or other such malicious acts. You could potentially encounter this problem by visiting a Web site that causes a spreadsheet to open, or by opening a spreadsheet that is attached to an e-mail.

MORE INFORMATION

Although some reports have indicated that an updated version of the ODBC driver is currently available, this is not a recommended solution for this specific problem. Microsoft is currently testing a solution designed for all Microsoft Office 97 customers and will post the solution on the following Web site shortly:

http://officeupdate.microsoft.com/Articles/MDAC_TYP.htm

Additional query words: xl97 jet


Keywords          : kbdta 
Version           : WINDOWS:2.0,3.0,3.5,3.6,97
Platform          : WINDOWS 
Issue type        : kbhowto

Last Reviewed: August 3, 1999