COMMAND

    FileManager hole

SYSTEMS AFFECTED

    Win NT 3.51

PROBLEM

    This text is taken from Bill Stout's pages.

    When an administrative user starts File Manager in Windows NT 3.51
    from MS Office 7.0  Shortcut Bar, he will  able to see files  in a
    folder (directory) for which he has no access permissions.

    This  is  due  to  File  Manager  inheriting  'backup  and restore
    permissions' from the  Office Shortcut bar,  which was used  by MS
    Office Shortcut bar to write user entries in the registry.

    This will be common on  shared directories (such as \users)  where
    the administrator creates the share, and gives users full  control
    over subdirectories which the users later restrict access on.

    For verification check:

        http://www.microsoft.com/kb/articles/q146/6/04.htm

SOLUTION

    Apply MS proposed fix or upgrade your software.