New MS Access exploit in wild: Panda | SC Media

New MS Access exploit in wild: Panda

March 4, 2008
Updated Wednesday, March 5 at 5:27 p.m EST

PandaLabs researchers said they have discovered a public exploit taking advantage of a new Microsoft (MS) Access Database vulnerability.

Experts believe the new flaw resides in the Jet Engine, the same place where McAfee researchers in December discovered a similar bug. The Jet Engine is a database manager upon which programs, such as MS Access, are built.

In the December case, bogus Microsoft Access Database (MDB) files were attempting to take advantage of a stack-based buffer overflow vulnerability that occurs when MS Access processes specially crafted database files.

Microsoft considers MDB files, which permit embedded script, unsafe and has said that standard programs such as Internet Explorer and Outlook already block them.

Bill Sisk, security response communications manager for Microsoft, told SCMagazineUS.com on Tuesday night that Microsoft is aware of the exploit but, because it considers .mdb files unsafe, does not consider the issue a product vulnerability that needs a patch.

prestitial ad