Targeted phishing emails are attempting to infect the machines of users who are tricked into opening malicious Microsoft Access Database (MDB) files, US-CERT (United States Computer Emergency Readiness Team) said in a warning this week.
The bogus files attempt to take advantage of a stack-based buffer overflow vulnerability that occurs when Microsoft Access processes specially crafted database files, according to the advisory. Should a user open one of the crafted files, their machine could be infected with malicious software.
"Various Microsoft applications prevent users from opening this type of file, or warn them before they open the file," a company spokesman told SCMagazineUS.com today in an email.
The spokesman confirmed that Microsoft was aware of public exploit reports.
Craig Schmugar, threat research manager for McAfee Avert Labs, told SCMagazineUS.com today that the attacks likely take advantage of either of two unpatched Microsoft Jet Database vulnerabilities.
Researchers at McAfee have spotted the flaws being exploited in a limited manner, mostly targeting "entities related to government," he said.
Schmugar said socially engineered attacks hoping to leverage the flaw may succeed because users tend to trust certain files.
"People might think it's an Office document," he said. "They might be less apprehensive about accessing it."
Meanwhile, businesses should ensure they block MDB files at the email gateway, the US-CERT warning advised.
"While Microsoft treats them as unsafe, many companies may not," Schmugar said.
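One way a mail filter could apply the gateway-blocking advice above, shown as an added example that is not from US-CERT, Microsoft or McAfee: it flags attachments by the .mdb extension and also by the "Standard Jet DB" signature at byte offset 4 of Jet MDB files, so a database renamed to look like an ordinary document is still caught. The function names, addresses and sample payloads are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Jet 3/4 MDB files carry this ASCII signature at byte offset 4.
JET_MAGIC = b"Standard Jet DB"
BLOCKED_EXTENSIONS = (".mdb",)


def find_mdb_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) for every MIME part that looks like an MDB file."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested/forwarded messages
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""  # undoes base64/quoted-printable
        if name.lower().endswith(BLOCKED_EXTENSIONS):
            hits.append((name, "extension"))
        elif payload[4:4 + len(JET_MAGIC)] == JET_MAGIC:
            # Renamed file: the extension looks harmless, the content does not.
            hits.append((name or "<unnamed>", "content signature"))
    return hits


def build_sample(filename: str, body: bytes) -> bytes:
    """Constructed test message with one attachment; not real traffic."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(body, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Constructed payload: only the header bytes of a Jet file, followed by padding.
FAKE_MDB = b"\x00\x01\x00\x00" + JET_MAGIC + b"\x00" * 32

if __name__ == "__main__":
    samples = [("report.mdb", FAKE_MDB), ("report.doc", FAKE_MDB), ("notes.txt", b"hello")]
    for fname, data in samples:
        verdict = find_mdb_attachments(build_sample(fname, data))
        print(fname, "->", "BLOCK" if verdict else "allow", verdict)
```

A production gateway would also need to look inside archives, which this example does not do.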