ad info



CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH
 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz
  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet
 DISCUSSION:
 message boards
 chat
 feedback
 SITE GUIDES:
 help
 contents
 search
 FASTER ACCESS:
 europe
 japan
 WEB SERVICES:
COMPUTING

Excel driver opens Office 97 security hole

August 3, 1999
Web posted at: 11:55 a.m. EDT (1555 GMT)

by Mary Lisbeth D'Amico

From...
InfoWorld

(IDG) -- A security flaw has been discovered in Microsoft's Office 97 software that allows a hacker to delete files or manipulate data of an Office 97 user, Microsoft has confirmed.

The problem does not affect the new office software, Office 2000, according to information posted on a Microsoft Web site.
MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  InfoWorld home page
  InfoWorld forums home page
  InfoWorld Internet commerce section
  Get Media Grok and The Industry Standard Intelligencer delivered for free
 Reviews & in-depth info at IDG.net
  IDG.net's personal news page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for IT leaders
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

The weak point is an ODBC driver in Excel 97, the spreadsheet program for Office 97. A malicious hacker can create an Excel spreadsheet that exploits the weak point in this database driver, allowing him or her to delete files or "perform other malicious acts," according to Microsoft.

Office 97 users may become vulnerable by opening an infected spreadsheet attached to either an e-mail or Web site link, Microsoft said.

The security hole was brought to Microsoft's attention on July 27, Microsoft said. News reports said the flaw was discovered by Juan Carlos Cuartango, a Spanish software developer, but that could not be immediately confirmed.

Tomas Jensen, a Microsoft spokesman in Germany, confirmed that Microsoft has been aware of the problem since late last week, but could give no further information other than to say that Microsoft is working on it.

Microsoft is testing a solution, and said it will shortly post that on its Web site. For information on the security hole, see officeupdate.microsoft.com/Articles/MDAC_TYP.htm.


RELATED STORIES:
Office 2000: What Microsoft's hiding inside the box
June 7, 1999
E-mail doesn't have to be opened to release virus
May 13, 1999
Expert confirms 'Russian New Year' danger
January 11, 1999
RELATED IDG.net STORIES:
Microsoft confirms Windows NT security flaw
(PC World Online)
Site Server's security hole
(Windows TechEdge)
Virus forces look at Microsoft's approach to security
(Computerworld)
Without fanfare, Microsoft posts Win98 bug fixes
(InfoWorld Electric)
Microsoft Office caters to corporate IT
(InfoWorld Electric)
Office 2000: Worth the bother?
(PC World Online)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
RELATED SITES:
Official Microsoft announcement about Excel flaw
Microsoft
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help
Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.