Stuart McLachlan
stuart at lexacorp.com.pg
Wed Apr 13 00:31:47 CDT 2005
On 12 Apr 2005 at 21:41, Jim Lawrence wrote: > Hi All: > > Just received this in the mail. Is this something new or has it been known > for a while? > > http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111332623 > 0 > Don't know the details, but it says: "The vulnerability is caused due to a memory handling error when e.g. parsing database files. This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted ".mdb" file in Microsoft Access." What's the difference between this and tricking a user into opening a ".mdb" file which contains an autoexec macro that calls a function that can do any sort of dirty work you want? You can achieve exactly the same thing without using any "flaws". -- Stuart