Attackers aiming to exploit an MS Access vulnerability

Dec 17, 2007 13:25 GMT

Nope, it's not Windows this time, although the operating system is also targeted by attackers who want to gain control of an affected system. The affected Microsoft product is Access, as a new stack buffer overflow vulnerability was found in the application. A security notification published by US-CERT on December 10th urged users to avoid opening untrusted attachments and to block high-risk attachments at their email gateways, so that no infected MDB file reaches their computers.

"US-CERT is aware of a stack buffer overflow vulnerability in the way that Microsoft Access handles specially crafted database files. Opening a specially crafted Microsoft Access Database (e.g., .MDB) can cause arbitrary code execution without requiring any additional user interaction. Microsoft Access files are considered to be high-risk, so it may be possible to execute arbitrary code without using a vulnerability in Microsoft Access", the notification reads.

Today, security company Trend Micro discovered what seems to be the first tool attempting to exploit the Microsoft Access vulnerability. Named HKTL_MDBEXP.A, the hacking utility is rated as having a medium system impact and a high risk level in the information exposure category. The tool appears to be compatible only with Windows XP and Server 2003, and it is still in the wild.

"This hacking tool is a zero-day exploit that takes advantage of the following software vulnerability, which allows a remote malicious user or malware to download files on the affected system: Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability. Once this hacking tool is used against a vulnerable system, hackers can execute commands on the said system", Trend Micro noted.

As I said, you're advised to avoid opening suspicious email attachments that may pose a threat to your computer and to refuse to download unknown MDB files.
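
The gateway-side blocking that US-CERT recommends can be sketched as the filter below, an added example that is not from US-CERT, Trend Micro or the original article: it flags attachments by `.mdb` extension and by the Jet file signature, so a renamed database is still caught. The extension set, function names and sample message are assumptions constructed for illustration.

```python
import email
import os
from email import policy
from email.message import EmailMessage

JET_MAGIC = b"Standard Jet DB"   # signature at byte offset 4 of an MDB file
BLOCKED_EXTENSIONS = {".mdb"}    # assumption: extend to match local policy


def is_jet_database(payload: bytes) -> bool:
    """True if the bytes start like a Jet database, whatever the file is called."""
    return payload[4:4 + len(JET_MAGIC)] == JET_MAGIC


def find_blocked_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for each MIME part the gateway should quarantine."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():          # walk() also reaches nested multiparts
        if part.is_multipart():
            continue
        # Windows ignores trailing dots and spaces, so strip them before matching.
        name = (part.get_filename() or "").rstrip(". ")
        payload = part.get_payload(decode=True) or b""
        if os.path.splitext(name.lower())[1] in BLOCKED_EXTENSIONS:
            hits.append((name, "extension"))
        elif is_jet_database(payload):
            hits.append((name, "content"))
    return hits


def build_sample() -> bytes:
    """Constructed test message: header bytes only, not a working database."""
    jet_header = b"\x00\x01\x00\x00" + JET_MAGIC + b"\x00" * 64
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    for filename, data in [("INVOICE.MDB", b"placeholder"),
                           ("notes.txt", jet_header),
                           ("readme.txt", b"plain text")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in find_blocked_attachments(build_sample()):
        print(f"quarantine {name!r}: matched on {reason}")
```

Matching on content as well as on the file name matters because an extension-only rule is defeated by renaming the attachment.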