Attackers exploit hole in Microsoft Access 2003
Specially crafted Microsoft Access database files can be used to attack Windows PCs, according to a warning from US-CERT. Under certain circumstances, attackers can exploit an unpatched vulnerability in the Jet Engine used in Microsoft Office Access 2003. When manipulated MDB files are parsed, a buffer overflow occurs, allowing code to be written onto the application's stack and executed. An exploit has been available since the vulnerability was reported around a month ago.
US-CERT does not say exactly what happens in the current attacks, nor who is under attack, but in the past, attacks exploiting vulnerabilities in Office products have generally targeted businesses, politicians, and industry. The event confirms the findings of the SANS Institute and Microsoft, among others, that most attacks now exploit vulnerable applications.
Up to now, Microsoft has neither patched nor officially confirmed the flaw. On the other hand, US-CERT writes that the vulnerability in Access need not necessarily be exploited for a system to be infected by malicious MDB files. Rather, the handling of such files is itself very risky, which is why they should be blocked at the mail gateway, for instance. Microsoft has published a list of all file types that pose a high risk in a knowledge base article. Such files are blocked by default in Microsoft's Outlook and Outlook Express e-mail clients.
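The gateway blocking recommended above can be sketched as follows; this is an added example, not code from US-CERT or Microsoft. The extension set is an illustrative subset (an assumption), and the content check relies on the `Standard Jet DB` signature at byte offset 4 of Jet database files, so a renamed MDB file is caught as well.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Illustrative subset of Access-related extensions (assumption); load the
# full high-risk list from Microsoft's knowledge base article in practice.
BLOCKED_EXTENSIONS = {".mdb", ".mde", ".mda", ".mdw"}
JET_MAGIC = b"Standard Jet DB"  # signature at byte offset 4 of a Jet file


def looks_like_jet_db(payload: bytes) -> bool:
    return payload[4:4 + len(JET_MAGIC)] == JET_MAGIC


def blocked_parts(raw_message: bytes) -> list:
    """Return (filename, reason) for every MIME part that should be blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Windows ignores trailing dots and spaces, so strip them first.
        ext = os.path.splitext(filename.rstrip(". "))[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            hits.append((filename, "extension"))
        elif looks_like_jet_db(payload):
            hits.append((filename, "content"))  # renamed database file
    return hits


def build_sample() -> bytes:
    """Constructed message: a renamed Jet file, an .MDB file, a text file."""
    jet = b"\x00\x01\x00\x00" + JET_MAGIC + b"\x00" * 33
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in ("report.dat", "orders.MDB"):
        msg.add_attachment(jet, maintype="application",
                           subtype="octet-stream", filename=name)
    msg.add_attachment("plain notes", filename="notes.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in blocked_parts(build_sample()):
        print(f"BLOCK {name} ({reason})")
```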
- Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability, security advisory by Frank Ruder
- Active Exploitation Using Malicious Microsoft Access Databases, warning from US-CERT