A security hole found in Microsoft's Office 97 application suite
can allow malicious code to take over a user's PC without their knowledge,
Microsoft has confirmed.
The hole stems from Microsoft's data
access software, called Jet. It allows code contained in an Excel 97
worksheet, hidden in a Web page or sent via email, to plant viruses, delete
data, or read files, according to Juan Carlos Garcia Cuartango, the developer who first discovered the hole.
Cuartango reported the problem to the NTBugTraq mailing list yesterday.
A member of Microsoft's security response team confirmed the hole in a
posting to NTBugTraq last night. According to Microsoft, the hole exists in
Jet version 3.51, which shipped with Office 97. The company said the
"vulnerability should be taken seriously" and recommends that all customers
upgrade to Jet 4.0.
The company plans to post a security bulletin that will include instructions on how to easily upgrade to Jet 4.0 via
Microsoft's OfficeUpdate
Web site.
In the meantime, Cuartango recommends that users check the version number of the Jet driver installed on their PCs in order to determine if they are affected. Using Windows "Find" command, search for a file named "ODBCJT32.DLL". Using the right mouse button, click on the file, the select the "Properties" tab. Click on the "Version" tab to check the version number of the file. If it is a version prior to 4.0, it should be updated. The new version of the drivers are contained in a file called Microsoft Data Access Components version 2.1, available from Microsoft's Web site.
Office 2000, a newer version of the application suite, uses the Jet version
4.0 driver and is not affected by the hole, according to Microsoft.
Jet is used in several Microsoft products, including its Exchange messaging
server and is the default database used with the company's popular Visual
Basic development tool. Jet can also be used with other Microsoft
development tools, such as Visual C++.
Last summer, Microsoft confirmed another Jet-related bug that affected the way its Access database handled changes to database records. The bug caused edits made on one Access database record to be saved to another record. The company posted a workaround to its support Web site.
Google's figured out a way to bring the power of graphics processor-powered hardware acceleration to some older computers, while Chrome 19 dev starts supporting the latest JavaScript code.
A new Apple lawsuit takes aim at Motorola Mobility in the U.S. for breaking a contract both companies have with Qualcomm for the license of one of its wireless patents.
A study by Harlequin--yes, the romantic-book people--says more women are sending naughty texts (shocking) and that 27 percent have sent a nude picture via e-mail or text.
Tor's "obfsproxy" technology would make encrypted data look innocuous and let it dodge government censors. That could help citizens in Iran reach blocked sites as antigovernment protests reportedly loom.
In spite of the boom in smartphone sales, there still seems to be a market for dedicated portable media players. Apple's iPod Touch is the leader, but what about some alternatives for the Android fans? CNET surveys the options.
