Clipboard Exposure Vulnerability in Forms 2.0 TextBox Control

A vulnerability exists in the Forms 2.0 ActiveX control which is distributed in any application that includes Visual Basic for Applications 5.0. A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a web site set up by the malicious hacker or opens a HTML email created by the malicious hacker.

Issue

The Forms 2.0 ActiveX control has a vulnerability that allows text to be pasted from a user's Clipboard into a Forms 2.0 Text Box or Combo Box.

A malicious hacker could use the Forms 2.0 Control to read or export text on a user's Clipboard when that user visits a web site set up by the malicious hacker or opens a HTML email created by the malicious hacker.

The Forms 2.0 Security Patch prevents a hacker from exploiting this vulnerability. Those who install the patch will not lose functionality and will still have the ability to manually paste content from their Clipboard to a Forms 2.0 Text Box or Combo Box. Developers who have built VBA solutions using the Forms 2.0 Control will still be able to paste into Text Boxes and Combo Boxes.

Affected Products

• Microsoft Office 97, Outlook 98, Project 98, Visual Basic 5.0 and Visual Basic for Applications 5.0

Download

Patch: http://officeupdate.microsoft.com/downloaddetails/fm2paste.htm

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: January 21, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<