Common Tasks

Recent Posts

Community

Email Notifications

Personal Links

Archives

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Microsoft Access - Malicious Exploit in-the-wild

protect.gif Users should avoid unexpected MDB files found in email or offered as downloads for websites. They should also stay up-to-date on security patches and AV protection. Hopefully, this will be patched as part of the January security updates 

Active Exploitation Using Malicious Microsoft Access Databases
http://www.avertlabs.com/research/blog/index.php/2007/12/12/ms-access-exploit-in-the-wild/
http://www.us-cert.gov/current/index.html#microsoft_access_database_file_attachment

QUOTE: Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the United States Computer Emergency Readiness Team (US-CERT) has warned. In its brief warning, US-CERT offered few details on the attack, saying simply that the organization is "aware of active exploitation" of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims.

Exploit based on Microsoft Jet DataBase Engine MDB File Parsing Remote Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/26468
http://www.securityfocus.com/archive/1/483797

Posted: Dec 13 2007, 02:18 PM by Harry Waldron | with 3 comment(s)

Comments

Windows Vista News said:

Interesting: msmvps.com

# December 13, 2007 10:00 AM

Movies and Film Blog » Microsoft Access - Malicious Exploit in-the-wild said:

Pingback from  Movies and Film Blog » Microsoft Access - Malicious Exploit in-the-wild

# December 13, 2007 11:13 AM

Tonys Microsoft Access Blog said:

"Users should avoid unexpected MDB files found in email or offered as downloads for websites. They

# December 13, 2007 1:13 PM