
Pandalabs might have discovered a 0-day in MS Access. I'm trying to see if this is confirmed by others. As if we didn't have enough issues with (other) MS Office documents up till now. There is still an unpatched Excel vulnerability on the loose.
Last week, John Fellers sent us a sample that exploited a flaw in MS Access. We thought it was the same vulnerability sent to Bugtraq in November and announced by McAfee in December. However, a deeper analysis reveals that it's a new vulnerability. We are still analyzing the exploit to find out more information, though at first sight it seems to be a flaw in the Jet Engine (msjet40.dll).
A simple search in Google (with the name of the mdb file as the query) reveals it was sent to a public forum in Nabble in February. Although these vulnerabilities allow remote code execution, Microsoft replied that they would not fix these mdb vulnerabilities, as it seems they will not acknowledge vulnerabilities which are from .mdb files:
"You appear to be reporting an issue with a file type Microsoft
considers to be unsafe. Many programs, such as Internet Explorer and
Outlook, automatically block these files. For more information, please
visit http://support.microsoft.com/kb/925330"