accesswise
|
accesswise
|
Microsoft have released a patch to eliminate a security vulnerability in Office 2000.
This relates to the user assistant which can be brought up within Access 2000 and the other components of Office 2000 and takes the form of an animated paper clip, dog or other character.
|
Some of the irritating characters which can be assumed by the office
assistant.
|
The assistant provides help to the user and includes a 'show me' function to demonstrate how to carry out various actions. To do this it uses an ActiveX control which can run programs and macros to carry out the demonstration.
This is obviously a powerful control and the problem is that it has been labelled as 'safe for scripting'. The result is that if you visited a website created by a maliciously minded individual, the site could take advantage of this erroneous labelling and use it to carry out actions on your computer. You could also be at risk from an HTML email.
The patch does not alter the 'safe for scripting' label but instead reduces the functionality of the control so that it really is safe for scripting. As a consequence the paper clip, dog or whatever will no longer be able to carry out the 'show me' commands or 'pop-ups' (text which appears when you hover over certain words). However most of what Office help does for you will still be there.
Relevant pages on Microsoft's site:
Knowledge base article q262767.
FAQ.
The patch is NOT included in Office SR1 or SR1a. You can tell if it has been loaded by locating the file ouactrl.ocx in Windows Explorer, right-clicking and selecting the version tab. If the patch has been loaded the version of this file will be 2.0.
Home
|