Access flaw exploited via Word

Posted by   Virus Bulletin on   Mar 25, 2008

Microsoft's employees hunting vulnerabilities instead of Easter eggs.

A buffer overrun vulnerability in Microsoft's Jet Database Engine, the underlying database behind Microsoft Access among others, is currently being used in a limited number of targeted attacks.

The victim is sent two files as an email attachment, possibly combined in a ZIP file, one of which is a Word file. This file references the other, a Microsoft Access database file, disregarding its extension and thus circumventing extension-based content filters. By exploiting the flaw in the Jet Database Engine, the attacker could gain the same rights as the local user - hence users whose accounts have admin rights on the local computer will be more severely affected.

The vulnerability only occurs in Msjet40.dll versions prior to 4.0.9505.0 and therefore Windows Server 2003 SP1 and Windows Vista are not affected. This could indicate that Microsoft has silently fixed the vulnerability.

Although the number of attacks is believed to be very small, it was considered sufficiently serious for many Microsoft employees to work on a fix during Easter.

More details are in a post on McAfee's Avert Labs blog here, while Microsoft's Security Advisory can be found here.

Posted on 25 March 2008 by Virus Bulletin

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.