A new security hole in Office 97


Microsoft has confirmed a new security hole in Office 97 that may allow malicious code to take over your PC without your knowledge. The problem is related to Jet, Microsoft's data access software, which is used by Excel 97, Exchange server, Visual Basic development tools, Visual C++, and third-party software providers. According to the programmer who discovered it, the hole allows vicious code contained in Excel 97 files, e-mail and Web pages to attack your PC, possibly transmitting viruses, and reading and deleting files.

The hole exists in Jet version 3.51, which shipped with Office 97. Microsoft is still working on a patch to fix the problem, and in the meantime, recommends upgrading to Jet 4.0, which is not affected. Office 2000 is also immune because it uses version 4.0 of the Jet driver.

To check which version of Jet you have, select Start-Find-Files or Folders and click on the Name & Location tab. Type odbcjt32.dll into the Find box, and click Find Now. Right-click on the file, select Properties, and click on the Version tab. If you have a version before 4.0, you can upgrade by downloading and installing Microsoft Data Access Components version 2.1 (which contains the new version of the drivers) from www.microsoft.com/data/download.htm, or from our cover CD.

Updated information on this problem can be found at officeupdate.microsoft.com/Articles/mdac_typ.htm

- Belinda Taylor


Category:bugs and fixes
Issue: October 1999

These Web pages are produced by Australian PC World © 1999 IDG Communications