COMMAND

    MS Access 1.0/2.0 SIDs exposed

SYSTEMS AFFECTED

    Win NT 3.5, 3.51, 4.0

PROBLEM

    This vulnerability was originally presented on:

        www.ntshop.com/security

    and this text is their credit.

    A User  SID can  be read  from a  v1.0 database  and pasted over a
    SID in the  MSysAccounts table in  the SystemDB, allowing  someone
    to access a database as a different user.

    This  affects  MS  Access  v2.0  and  v1.0 when a v1.0 database is
    opened.

SOLUTION

    Upgrde your  software and  look for  any fix  or SP.   MS have not
    come across a way of preventing this type of attack, however  they
    do, it will be posted to KB immediately.