IT Pro Today is part of the Informa Tech Division of Informa PLC

INFORMA PLC|ABOUT US|INVESTOR RELATIONS|TALENT

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Documents Online Events Advertise About

Newsletter Sign-Up

Cloud

Recent in Cloud

SEE ALL Cloud

lock in front of a data center

Cloud Computing

Navigating the Complexities of Data Sovereignty Navigating the Complexities of Data Sovereignty

byIndustry Perspectives

Nov 27, 2024

4 Min Read

unplugged power cord on top of a calculator

IT Operations

Microsoft Outage Disrupts Outlook and Teams, Affecting Many Thousands Microsoft Outage Disrupts Outlook and Teams, Affecting Many Thousands

byThe Washington Post

Nov 26, 2024

3 Min Read

Recent in OS

See All OS

empty cockpit of autonomous car

Operating Systems

What Is a Real-Time Operating System, and Who Needs One?What Is a Real-Time Operating System, and Who Needs One?

byChristopher Tozzi

Mar 5, 2024

6 Min Read

cubes with arrows and checkmarks illustrating a validation process

PowerShell

PowerShell Parameter Validation: Ensuring Valid Input for Functions PowerShell Parameter Validation: Ensuring Valid Input for Functions

byBrien Posey

Feb 20, 2024

4 Min Read

IT Mgmt

Recent in IT Mgmt

See All IT Mgmt

logo for solarwinds on a smartphone in a person's hand and on the background

Attacks & Breaches

SolarWinds CEO on Building Trust After Breach, Unifying IT and C-Suite, and GenAI Future SolarWinds CEO on Building Trust After Breach, Unifying IT and C-Suite, and GenAI Future

byShane Snider, InformationWeek

Nov 26, 2024

1 Min Read

unplugged power cord on top of a calculator

IT Operations

Microsoft Outage Disrupts Outlook and Teams, Affecting Many Thousands Microsoft Outage Disrupts Outlook and Teams, Affecting Many Thousands

byThe Washington Post

Nov 26, 2024

3 Min Read

Career

Recent in Career

See All Career Mgmt

Binder marked "priorities"

Career Management

ITPro Today's 2024 IT Priorities Report: Complementary Guide ITPro Today's 2024 IT Priorities Report: Complementary Guide

byChristopher Tozzi

Nov 26, 2024

8 Min Read

hand turning a Skills knob

IT Management

Use Skills-Based Talent Practices to Future-Proof Your Tech Organization Use Skills-Based Talent Practices to Future-Proof Your Tech Organization

byForrester Blog Network

Nov 21, 2024

2 Min Read

Storage

Recent in Storage

See All Data Storage

A silver and gray cloud data protection icon showing a cloud with a lock inside of it.

Data Backup

Data Protection Is Critical in the Multi-Cloud Data Protection Is Critical in the Multi-Cloud

byBrandon Taylor

Oct 31, 2024

5 Min View

mainframe

IT Infrastructure

Mainframe Technology Is Far From Obsolete Mainframe Technology Is Far From Obsolete

byIndustry Perspectives

Oct 24, 2024

4 Min Read

Security

Recent in Security

See All IT Security

logo for solarwinds on a smartphone in a person's hand and on the background

Attacks & Breaches

SolarWinds CEO on Building Trust After Breach, Unifying IT and C-Suite, and GenAI Future SolarWinds CEO on Building Trust After Breach, Unifying IT and C-Suite, and GenAI Future

byShane Snider, InformationWeek

Nov 26, 2024

1 Min Read

unplugged power cord on top of a calculator

IT Operations

Microsoft Outage Disrupts Outlook and Teams, Affecting Many Thousands Microsoft Outage Disrupts Outlook and Teams, Affecting Many Thousands

byThe Washington Post

Nov 26, 2024

3 Min Read

Dev

Recent in Dev

See All Software Dev

software developer working at his workstation

Software Development

From Declarative to Iterative: How Software Development Is Evolving From Declarative to Iterative: How Software Development Is Evolving

byLisa Morgan, InformationWeek

Nov 18, 2024

1 Min Read

artwork showing fingerprint and binary code

Regulatory Compliance

Why Future-proofing Cybersecurity Regulatory Frameworks Is Essential Why Future-proofing Cybersecurity Regulatory Frameworks Is Essential

byIndustry Perspectives

Nov 12, 2024

6 Min Read

Recent in DX

See All Digital Transformation

Binder marked "priorities"

Career Management

ITPro Today's 2024 IT Priorities Report: Complementary Guide ITPro Today's 2024 IT Priorities Report: Complementary Guide

byChristopher Tozzi

Nov 26, 2024

8 Min Read

the microsoft hololens glasses on display

Digital Transformation

What Comes After HoloLens 2? Exploring Microsoft’s AR/VR Future What Comes After HoloLens 2? Exploring Microsoft’s AR/VR Future

byBrien Posey

Nov 15, 2024

3 Min Read

Infrastructure

Recent in Infrastructure

See All Infrastructure

"traffic" text on a meter pointing to 100%

IT Infrastructure

How to Prepare Your Website for Holiday Shopping Rush with Load Testing How to Prepare Your Website for Holiday Shopping Rush with Load Testing

byIndustry Perspectives

Nov 25, 2024

5 Min Read

AIOps

Ops and More

Transforming Enterprise Networks With AIOps: A New Era of Intelligent Connectivity Transforming Enterprise Networks With AIOps: A New Era of Intelligent Connectivity

byForrester Blog Network

Nov 11, 2024

4 Min Read

Newsletters
How To…?
Industry Perspectives
Business Resources
Reports/Research
Online Events

Live Events
Videos
White Papers
Advertise With Us
About Us

Resource Library

Archived Assets

MS Word May Run Arbitrary Code via MS Access DB

Word's mail merge functionality can be used to cause arbitrary code to run on a system by using an MS Access 2000 database as the input for the merge operation.

ITPro Today Staff

August 6, 2000

1 Min Read

Reported August 7, 2000 by Georgi Guninski

VERSIONS EFFECTED

Microsoft Word

Microsoft Access 2000

DESCRIPTION

According to the discoverer's report, Microsoft Word can accept an MS Access 2000 database as input for a mail merge operation. However, the database file could contain Visual Basic code that could be made to run when the database is opened by MS Word. Such code could perform actions on the system without the user's knowledge.

DEMONSTRATION

Sample files are available at Georgi's Web site:
http://www.nat.bg/~joro/wordaccess.doc
http://www.nat.bg/~joro/db4.mdb

VENDOR RESPONSE

Microsoft is aware of the issue however no response was known at the time of this writing.

CREDIT
Discovered by Georgi Guninski

About the Author

ITPro Today Staff

See more from ITPro Today Staff

Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

Newsletter Sign-Up

Editor's Choice

the interface of the PowerShell search tool with a hand holding a magnifying glass on a background of a blue sky and clouds in the shape of gears

PowerShell

How I Built My Own PowerShell Multi-File Search Tool

Oct 22, 2024

burnout gif featuring a mannequin surrounded by office technology on fire

Career Tips

Am I Burned Out? How To Identify and Address Burnout in IT

Oct 24, 2024

MLOps

Ops and More

Choosing Between Cloud and On-Prem MLOps: What's Best for Your Needs?

Oct 23, 2024

Exclusive ITPro Resources

BCDR Basics: A Quick Reference Guide for Business Continuity & Disaster Recovery
Oct 10, 2024
|
1 Min Read
ITPro Today’s 2024 IT Priorities Report
Sep 25, 2024
|
1 Min Read
Tech Careers: Quick Reference Guide to IT Job Titles
Sep 13, 2024
|
1 Min Read
Migrating From VMware: Guide to a Successful Transition
Sep 3, 2024
|
1 Min Read