Microsoft JET VBA Shell 漏洞

Microsoft has made a patch available at the following url: http://officeupdate.microsoft.com/articles/mdac_typ.htm This was made public in a Microsoft Security Advisory published on August 20, 1999. The patch works by creating a "sandbox mode" for Jet 3.5x, and changing the implementation of sandbox mode in Jet 4.0. An additional patch made available by Microsoft, exists at the following location: http://office.microsoft.com/assistance/9798/mdac_typ.aspx Also, Wanderley J. Abreu Jr. has written a program that will search the registry and modify the EditFlags value for DocObjects file types, setting the Confirm Open After Download value to 01. this means that these filetypes can no longer be silently downloaded and opened. This can be downloaded from: http://www.securityfocus.com/data/vulnerabilities/patches/RegFix.zip