Go to the Softpedia homepage


NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
Home / News / Security / Advisories

Advisories

Yet Another Microsoft App Targeted by Hackers

Attackers aiming to exploit a MS Access vulnerability

By Bogdan Popa, Security and Search Engines Editor

17th of December 2007, 13:25 GMT

Adjust text size:


MS Access 2007
Enlarge picture
Nope, it's not Windows, although the operating system is even targeted by attackers who want to get control over an affected system. This time, the affected MS solution is Access, as a new stack buffer overflow vulnerability was found in the application. A security notification
published by US-CERT, on December 10th, urged consumers to avoid opening untrusted attachments and to block high-risk attachments through the email gateways, in order to be sure that no infected MDB file reaches your computer.

"US-CERT is aware of a stack buffer overflow vulnerability in the way that Microsoft Access handles specially crafted database files. Opening a specially crafted Microsoft Access Database (e.g., .MDB) can cause arbitrary code execution without requiring any additional user interaction. Microsoft Access files are considered to be high-risk, so it may be possible to execute arbitrary code without using a vulnerability in Microsoft Access", the notification reads.

Today, security company Trend Micro discovered what seems to be the first tool attempting to exploit the Microsoft Access vulnerability. Entitled HKTL_MDBEXP.A, the hacking utility has a medium system impact and a high risk level for the information exposure category. It seems like the hacking tool is only compatible with Windows XP and Server 2003 and it's still in the wild.

"This hacking tool is a zero-day exploit that takes advantage of the following software vulnerability, which allows a remote malicious user or malware to download files on the affected system: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability.
Once this hacking tool is used against a vulnerable system, hackers can execute commands on the said system", Trend Micro noted.

As I said, you're advised to avoid opening suspect email attachment that may represent a threat for your computer and refuse downloading unknown MDB files.

TAGS:

 microsoft | access | hack | security


Rating:
Fair (2.2/5) 8 vote(s) so far    

Read by 475 user(s) | Add comment | Link to this article
Subscribe to news | Print article | Send to friend

© Copyright 2001-2008 Softpedia
Contact:

 

 

SEARCH THE NEWS ARCHIVE :




Today's News | Yesterday's News | News Archive


MORE RELATED ARTICLES:


Windows Leaks Memory

Microsoft Student with Encarta Premium 2008

Microsoft Offers Free Online Tutorials

Microsoft Software Replaced

Premier Support from Microsoft

Microsoft Flexes Its Forefront Security Muscles

User opinions:

No user comments yet.
Be the first to express your opinion using the form below!

Share your opinion:

Your Name:
Your Email Address:
(will not be used for commercial purposes)
Solve this to prove you're not a bot: =
Your review/opinion:

 






SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   ENTER NEWS SITE   |   ENGLISH BOARD   |   ROMANIAN FORUM
© 2001 - 2008 Softpedia. All rights reserved.
Softpedia™ and the Softpedia™ logo are registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use | Update your software | Archive