dmcafee at pacbell.net
dmcafee at pacbell.net
Wed Apr 13 14:39:20 CDT 2005
Karen, just a shot in the dark, but are you sure the menu item wasn't hidden, due to lack of use? Try clicking on the double down arrow and the bottom of the menu list to see if any new items appear. David -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com]On Behalf Of Nicholson, Karen Sent: Wednesday, April 13, 2005 11:20 AM To: Access Developers discussion and problem solving Subject: RE: [AccessD] Security error in the MDB database Does anyone know why I do not have the option under macros to set the security in my Access 2003? Is this in installation choice that was not installed by my IT department? -----Original Message----- From: accessd-bounces at databaseadvisors.com [mailto:accessd-bounces at databaseadvisors.com] On Behalf Of MartyConnelly Sent: Wednesday, April 13, 2005 2:04 PM To: Access Developers discussion and problem solving Subject: Re: [AccessD] Security error in the MDB database Well I suppose you could have Access 2003 set with macro security set to high. Which might protect against autoexec execution. I don't know if it stops intrinsic autoexec execution haven't tried it. Stuart McLachlan wrote: >On 12 Apr 2005 at 21:41, Jim Lawrence wrote: > > > >>Hi All: >> >>Just received this in the mail. Is this something new or has it been known >>for a while? >> >>http://www.betanews.com/article/MS_Database_Engine_Flaw_Discovered/111 332623 >>0 >> >> >> > >Don't know the details, but it says: > >"The vulnerability is caused due to a memory handling error when e.g. >parsing database files. This can be exploited to execute arbitrary code by >tricking a user into opening a specially crafted ".mdb" file in Microsoft >Access." > >What's the difference between this and tricking a user into opening a >".mdb" file which contains an autoexec macro that calls a function that can >do any sort of dirty work you want? > >You can achieve exactly the same thing without using any "flaws". > > > > > > > > -- Marty Connelly Victoria, B.C. Canada -- AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com -- AccessD mailing list AccessD at databaseadvisors.com http://databaseadvisors.com/mailman/listinfo/accessd Website: http://www.databaseadvisors.com