Posted by Virus Bulletin on Mar 25, 2008
Microsoft's employees hunting vulnerabilities instead of Easter eggs.
A buffer overrun vulnerability in Microsoft's Jet Database Engine, the underlying database behind Microsoft Access among others, is currently being used in a limited number of targeted attacks.
The victim is sent two files as an email attachment, possibly combined in a ZIP file, one of which is a Word file. This file references the other, a Microsoft Access database file, disregarding its extension and thus circumventing extension-based content filters. By exploiting the flaw in the Jet Database Engine, the attacker could gain the same rights as the local user - hence users whose accounts have admin rights on the local computer will be more severely affected.
The vulnerability only occurs in Msjet40.dll versions prior to 4.0.9505.0 and therefore Windows Server 2003 SP1 and Windows Vista are not affected. This could indicate that Microsoft has silently fixed the vulnerability.
Although the number of attacks is believed to be very small, it was considered sufficiently serious for many Microsoft employees to work on a fix during Easter.
More details are in a post on McAfee's Avert Labs blog here, while Microsoft's Security Advisory can be found here.
Posted on 25 March 2008 by Virus Bulletin
