Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Backdoor.Hesive - Uses Microsoft Access Jet Engine Vulnerability

Please be careful with all email messages containing Microsoft Access attachments. This new exploit capitalizes on an unpatched Microsoft Jet Engine vulnerability, and a compromised system remains insecure until the Trojan horse's registry settings are corrected.

This new Microsoft Access based exploit is very rare in the wild. Still, it could surprise individuals if another wave of emails were massively spammed. Microsoft Access database email attachments are usually thought of by most of us as being safe to open.

We should always be cautious with ANY attachment type in unexpected email messages. The best practice is to never open attachments regardless of whether they appear safe or not.
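One way to apply this caution at a mail gateway, shown as an added example that is not part of the original post: flag Access/Jet database attachments both by file name and by the Jet header marker at byte offset 4, so a renamed database is still caught. The function names and the sample message are constructed for illustration, and the check only identifies the attachment type; it does not detect the exploit itself.

```python
import email
from email import policy
from email.message import EmailMessage

# File extensions used by Microsoft Access / Jet databases.
ACCESS_EXTENSIONS = (".mdb", ".mde", ".accdb", ".accde")
# Jet (.mdb) and ACE (.accdb) files carry one of these markers at offset 4.
JET_MARKERS = (b"Standard Jet DB", b"Standard ACE DB")


def looks_like_jet(payload: bytes) -> bool:
    """True if the bytes start with a Jet/ACE database header."""
    return any(payload[4:4 + len(m)] == m for m in JET_MARKERS)


def find_access_attachments(raw_message: bytes):
    """Return (filename, matched_by_name, matched_by_content) per hit."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(ACCESS_EXTENSIONS)
        by_content = looks_like_jet(payload)
        if by_name or by_content:
            findings.append((name, by_name, by_content))
    return findings


def build_sample() -> bytes:
    """Constructed test message: one .mdb, one renamed Jet file, one text file."""
    jet_header = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 32
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for fname in ("report.mdb", "invoice.dat"):
        msg.add_attachment(jet_header, maintype="application",
                           subtype="octet-stream", filename=fname)
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, by_name, by_content in find_access_attachments(build_sample()):
        print(f"{name}: extension match={by_name}, header match={by_content}")
```
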

Backdoor.Hesive - Uses Microsoft Access Jet Engine Vulnerability
http://secunia.com/virus_information/21954/hesive/

Backdoor.Hesive is a Trojan horse that opens a back door on the compromised computer and allows a remote attacker unauthorized access. The Trojan may arrive as a Microsoft Access file that exploits the Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability (described in Bugtraq ID 12960).


Microsoft Jet Database Engine Malformed Database File Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/12960/info

Solution: Currently we are not aware of any vendor-supplied patches for this issue.

The back door allows the remote attacker to perform the following actions:

List active ports
List processes, services, and threads
Download and execute remote files
Upload files
Run a system shell
Modify registry values
End processes
Get system information
Get network information
Post collected data to hostile web site
