0 Replies Latest reply on Dec 13, 2007 8:36 AM by HarryWaldron

    Microsoft Access - Malicious Exploit in-the-wild

      Users should avoid unexpected MDB files found in email or offered as downloads for websites. They should also stay up-to-date on security patches and AV protection. Hopefully, this will be patched as part of the January security updates

      Active Exploitation Using Malicious Microsoft Access Databases
      http://www.avertlabs.com/research/blog/index.php/2007/12/12/ms-access-exploit-in -the-wild/
      http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachm ent

      QUOTE: Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the United States Computer Emergency Readiness Team (US-CERT) has warned. In its brief warning, US-CERT offered few details on the attack, saying simply that the organization is "aware of active exploitation" of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims.

      Exploit based on Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability