Access flaw exploited via Word

Microsoft's employees hunting vulnerabilities instead of Easter eggs.

A buffer overrun vulnerability in Microsoft's Jet Database Engine, the underlying database behind Microsoft Access among others, is currently being used in a limited number of targeted attacks.

confidence-2012

The victim is sent two files as an email attachment, possibly combined in a ZIP file, one of which is a Word file. This file references the other, a Microsoft Access database file, disregarding its extension and thus circumventing extension-based content filters. By exploiting the flaw in the Jet Database Engine, the attacker could gain the same rights as the local user - hence users whose accounts have admin rights on the local computer will be more severely affected.

The vulnerability only occurs in Msjet40.dll versions prior to 4.0.9505.0 and therefore Windows Server 2003 SP1 and Windows Vista are not affected. This could indicate that Microsoft has silently fixed the vulnerability.

Although the number of attacks is believed to be very small, it was considered sufficiently serious for many Microsoft employees to work on a fix during Easter.

More details are in a post on McAfee's Avert Labs blog here, while Microsoft's Security Advisory can be found here.

25 March 2008

Tags: jet database engine, microsoft, microsoft access, word.   

 del.icio.us  digg this! digg this

0 comments

Comments are closed.

Quick Links

Poll
Does your company allow you to use a personal laptop/mobile device to access company resources?
Yes, it's allowed
Yes, it's actively encouraged
No
I don't know
Leave a comment
View 2 comments

Jobs Career Sidebar

Malware Prevalence
Autorun |#######|
Encrypted/Obfuscated |#####|
Heuristic/generic |#####|
Sality |####|
Zbot |####|
 View this month's full report

Virus Bulletin currently has 225,281 registered users.