Microsoft’s employees hunting vulnerabilities instead of Easter eggs.
A buffer overrun vulnerability in
Microsoft
‘s
Jet Database Engine
, the underlying database behind
Microsoft Access
among others, is currently being used in a limited number of targeted attacks.
The victim is sent two files as an email attachment, possibly combined in a ZIP file, one of which is a
Word
file. This file references the other, a
Microsoft Access
database file, disregarding its extension and thus circumventing extension-based content filters. By exploiting the flaw in the Jet Database Engine, the attacker could gain the same rights as the local user – hence users whose accounts have admin rights on the local computer will be more severely affected.
The vulnerability only occurs in
Msjet40.dll
versions prior to 4.0.9505.0 and therefore
Windows Server
2003 SP1 and
Windows Vista
are not affected. This could indicate that
Microsoft
has silently fixed the vulnerability.
Although the number of attacks is believed to be very small, it was considered sufficiently serious for many
Microsoft
employees to work on a fix
during Easter
.
More details are in a post on
McAfee
‘s Avert Labs blog
here
, while
Microsoft
‘s Security Advisory can be found
here
.
Posted on 25 March 2008 by
Virus Bulletin
Leave a Reply