DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  MS Access


SYSTEMS AFFECTED

  Win NT 3.5, 3.51, 4.0

  Access 1.0/2.0


PROBLEM


    This vulnerability was originally presented on:



        www.ntshop.com/security



    and this text is their credit.



    A User  SID can  be read  from a  v1.0 database  and pasted over a

    SID in the  MSysAccounts table in  the SystemDB, allowing  someone

    to access a database as a different user.



    This  affects  MS  Access  v2.0  and  v1.0 when a v1.0 database is

    opened.





EXPLOIT

  

SOLUTION


    Upgrde your  software and  look for  any fix  or SP.   MS have not

    come across a way of preventing this type of attack, however  they

    do, it will be posted to KB immediately.