Come in, come in, whoever you are...
Excel 97 Left the Door Open to Crackers
The point of attack is an ODBC driver in Excel 97, the spreadsheet program for Office 97. A malicious hacker can create an Excel spreadsheet that takes advantage of the opening in the database driver, letting him or her delete files or "perform other malicious acts," Microsoft said. Office 97 users become vulnerable when they open an infected spreadsheet that arrives as an email attachment or through a hyperlink.
Microsoft's Response
On July 27, 1999, Microsoft became aware of a security issue involving the ODBC database driver that is installed as a part of Excel 97. It is possible that a malicious coder could create an Excel 97 spreadsheet that exploits a vulnerability in this database driver to delete files and perform other malicious acts. A user could encounter this problem by opening a spreadsheet attached to an email message or linked from a Web site.
Office 97 applications, including Excel, warn users before running macros, and allow them to decide whether or not to disable the macros. However, this vulnerability is not associated with macros, and as a result, the user would not receive any warning upon opening the spreadsheet.
Microsoft takes all security issues seriously and is thoroughly investigating this issue. Although some reports have indicated that an updated version of the ODBC driver is currently available, this is not a recommended solution for this specific problem. Microsoft is currently testing a solution designed for all Office 97 customers, and will post it on this website shortly.
Note: The issue does not affect users of Office 2000, which does not have this vulnerability.
ITINFO is an electronic publication of Damar Group, Ltd., publisher of Training Express computer learning guides. Comments and submissions to info@dgl.com. Previous issues are on our website at http://dgl.com/itinfo/.
updated August 1, 1999