Microsoft JET VBA Shell 漏洞

CNNVD-ID编号	CNNVD-199908-038	CVE编号	CVE-2000-0325
发布时间	1999-08-20	更新时间	2005-10-20
漏洞类型	输入验证	漏洞来源	This vulnerability was discovered and posted to NTBugtraq by Juan Carlos Garcia Cuartango .
危险等级	高危	威胁类型	本地
厂商	microsoft

漏洞介绍

Microsoft Jet数据库引擎存在漏洞。攻击者可以通过数据库请求执行命令，也称为\"VBA Shell\" 漏洞。

漏洞补丁

Microsoft has made a patch available at the following url: http://officeupdate.microsoft.com/articles/mdac_typ.htm This was made public in a Microsoft Security Advisory published on August 20, 1999. The patch works by creating a "sandbox mode" for Jet 3.5x, and changing the implementation of sandbox mode in Jet 4.0. An additional patch made available by Microsoft, exists at the following location: http://office.microsoft.com/assistance/9798/mdac_typ.aspx Also, Wanderley J. Abreu Jr. has written a program that will search the registry and modify the EditFlags value for DocObjects file types, setting the Confirm Open After Download value to 01. this means that these filetypes can no longer be silently downloaded and opened. This can be downloaded from: http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip