[AccessD] Security error in the MDB database

MartyConnelly martyconnelly at shaw.ca
Wed Apr 13 14:30:19 CDT 2005 

 Your network guy could have changed the following registry settings of the
following key, it should help you change the security level of the macro 
in Access 2003. He should be able to change this globally across the 
network for each client PC, there is even a way to do this from Access 
VBA code using WMI with proper network permissions.

HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Access\Security\Level

If the value is 1, then the macro security of Access 2003 is set to low.
If the value is 2, then the macro security of Access 2003 is set to medium.
If the value is 3, then the macro security of Access 2003 is set to high.

Nicholson, Karen wrote:

>Does anyone know why I do not have the option under macros to set the
>security in my Access 2003?  Is this in installation choice that was not
>installed by my IT department?
>
>-----Original Message-----
>From: accessd-bounces at databaseadvisors.com
>[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of MartyConnelly
>Sent: Wednesday, April 13, 2005 2:04 PM
>To: Access Developers discussion and problem solving
>Subject: Re: [AccessD] Security error in the MDB database
>
>
>Well I suppose you could have Access 2003 set with macro security set to
>
>high.
>Which might protect against autoexec execution. I don't know if it stops
>
>intrinsic autoexec execution haven't tried it.
>
>Stuart McLachlan wrote:
>
>  
>
>>On 12 Apr 2005 at 21:41, Jim Lawrence wrote:
>>
>> 
>>
>>    
>>
>>>Hi All:
>>>
>>>Just received this in the mail. Is this something new or has it been
>>>      
>>>
>known
>  
>
>>>for a while?
>>>
>>>http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111
>>>      
>>>
>332623
>  
>
>>>0
>>>
>>>   
>>>
>>>      
>>>
>>Don't know the details, but it says:
>>
>>"The vulnerability is caused due to a memory handling error when e.g. 
>>parsing database files. This can be exploited to execute arbitrary code
>>    
>>
>by 
>  
>
>>tricking a user into opening a specially crafted ".mdb" file in
>>    
>>
>Microsoft 
>  
>
>>Access."
>>
>>What's the difference between this and tricking a user into opening a 
>>".mdb" file which contains an autoexec macro that calls a function that
>>    
>>
>can 
>  
>
>>do any sort of dirty work you want?
>>
>>You can achieve exactly the same thing without using any "flaws".
>>
>>
>>
>>
>>
>>
>> 
>>
>>    
>>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada

More information about the AccessD mailing list