[AccessD] Security error in the MDB database

Nicholson, Karen cyx5 at cdc.gov
Wed Apr 13 13:20:28 CDT 2005


Does anyone know why I do not have the option under macros to set the
security in my Access 2003?  Is this in installation choice that was not
installed by my IT department?

-----Original Message-----
From: accessd-bounces at databaseadvisors.com
[mailto:accessd-bounces at databaseadvisors.com] On Behalf Of MartyConnelly
Sent: Wednesday, April 13, 2005 2:04 PM
To: Access Developers discussion and problem solving
Subject: Re: [AccessD] Security error in the MDB database


Well I suppose you could have Access 2003 set with macro security set to

high.
Which might protect against autoexec execution. I don't know if it stops

intrinsic autoexec execution haven't tried it.

Stuart McLachlan wrote:

>On 12 Apr 2005 at 21:41, Jim Lawrence wrote:
>
>  
>
>>Hi All:
>>
>>Just received this in the mail. Is this something new or has it been
known
>>for a while?
>>
>>http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111
332623
>>0
>>
>>    
>>
>
>Don't know the details, but it says:
>
>"The vulnerability is caused due to a memory handling error when e.g. 
>parsing database files. This can be exploited to execute arbitrary code
by 
>tricking a user into opening a specially crafted ".mdb" file in
Microsoft 
>Access."
>
>What's the difference between this and tricking a user into opening a 
>".mdb" file which contains an autoexec macro that calls a function that
can 
>do any sort of dirty work you want?
>
>You can achieve exactly the same thing without using any "flaws".
>
>
>
>
>
>
>  
>

-- 
Marty Connelly
Victoria, B.C.
Canada



-- 
AccessD mailing list
AccessD at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/accessd
Website: http://www.databaseadvisors.com



More information about the AccessD mailing list