OFF97: Office 97 ODBC Driver Vulnerability Security Update

Microsoft has become aware of a potential security issue involving a specific version of the Microsoft Access ODBC driver, which a malicious coder could theoretically exploit. This issue affects Microsoft Excel 97, as well as any program that makes use of the Microsoft Access ODBC driver version 3.5x or earlier and Microsoft Internet Information Server (IIS).

The Microsoft Access Open Database Connectivity (ODBC) driver versions 3.5x and earlier allow you to embed Microsoft Visual Basic for Applications commands into string expressions. These commands could include instructions to delete your files or other such malicious acts. You could potentially encounter this problem by visiting a Web site that causes a spreadsheet to open or by opening a spreadsheet that is attached to an e-mail.

An update is available that corrects this issue. See the "More Information" section of this article for information about how to download and install this update.

NOTE: Microsoft released an updated version of the Office 97 ODBC Driver Vulnerability Security Update on October 11, 1999. The new update fixes an additional variant of the Text ISAM vulnerability.

NOTE: It is not necessary to install this update on Windows 2000.

Follow these steps to download and install this update:

NOTE: Microsoft recommends that all Office 97 and Excel 97 users update their systems with this security update. For corporate users, it is recommended that you first contact your system administrators before applying any updates or patches.

1. Point your Web browser to the following Web site:
   http://www.microsoft.com/downloads/details.aspx?FamilyID=3EFBE71A-00BB-48CE-930A-47FB9827E1E7&displaylang=EN (http://www.microsoft.com/downloads/details.aspx?FamilyID=3EFBE71A-00BB-48CE-930A-47FB9827E1E7&displaylang=EN)
2. Click Download Now!. Click Save this program to disk and then click OK.
3. Click Save.
4. In Windows Explorer, double-click the JetCopkg.exe file.
5. Click Yes when you are asked whtether or not to install this update.
6. Click Yes to accept the License Agreement.
7. Click OK in the alert that indicates that the installation was successful.

NOTE: This update also installs the Office Document Open Confirmation update. For additional information about the Office Document Open Confirmation update, point your Web browser to the following Microsoft Web site:

For additional information about this problem, click the article numbers below to view the articles in the Microsoft Knowledge Base: