Microsoft JET VBA Shell 漏洞

漏洞信息详情

Microsoft JET VBA Shell 漏洞

• CNNVD编号：CNNVD-199908-038
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0325
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  1999-08-20
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  This vulnerability…

Microsoft Jet数据库引擎存在漏洞。攻击者可以通过数据库请求执行命令，也称为\”VBA Shell\” 漏洞。

Microsoft has made a patch available at the following url:
http://officeupdate.microsoft.com/articles/mdac_typ.htm
This was made public in a Microsoft Security Advisory published on August 20, 1999. The patch works by creating a “sandbox mode” for Jet 3.5x, and changing the implementation of sandbox mode in Jet 4.0.
An additional patch made available by Microsoft, exists at the following location:
http://office.microsoft.com/assistance/9798/mdac_typ.aspx
Also, Wanderley J. Abreu Jr. has written a program that will search the registry and modify the EditFlags value for DocObjects file types, setting the Confirm Open After Download value to 01. this means that these filetypes can no longer be silently downloaded and opened. This can be downloaded from:
http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip
@unikey.com.br>

来源: XF
名称: jet-vba-shell(3155)
链接:http://xforce.iss.net/static/3155.php

来源: BID
名称: 548
链接:http://www.securityfocus.com/bid/548

来源: MS
名称: MS99-030
链接:http://www.microsoft.com/technet/security/bulletin/ms99-030.asp