Nicholson, Karen
cyx5 at cdc.gov
Wed Apr 13 13:20:28 CDT 2005
Does anyone know why I do not have the option under macros to set the security in my Access 2003? Is this in installation choice that was not installed by my IT department? -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of MartyConnelly Sent: Wednesday, April 13, 2005 2:04 PM To: Access Developers discussion and problem solving Subject: Re: [AccessD] Security error in the MDB database Well I suppose you could have Access 2003 set with macro security set to high. Which might protect against autoexec execution. I don't know if it stops intrinsic autoexec execution haven't tried it. Stuart McLachlan wrote: >On 12 Apr 2005 at 21:41, Jim Lawrence wrote: > > > >>Hi All: >> >>Just received this in the mail. Is this something new or has it been known >>for a while? >> >>http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111 332623 >>0 >> >> >> > >Don't know the details, but it says: > >"The vulnerability is caused due to a memory handling error when e.g. >parsing database files. This can be exploited to execute arbitrary code by >tricking a user into opening a specially crafted ".mdb" file in Microsoft >Access." > >What's the difference between this and tricking a user into opening a >".mdb" file which contains an autoexec macro that calls a function that can >do any sort of dirty work you want? > >You can achieve exactly the same thing without using any "flaws". > > > > > > > > -- Marty Connelly Victoria, B.C. Canada -- AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com