Panda Security Mediacenter

New MS Access exploit

Last week, John Fellers sent us a sample that exploited a flaw in MS Access. We thought it was the same vulnerability sent to Bugtraq in November and announced by McAfee in December. However, a deeper analysis reveals that it is a new vulnerability. We are still analyzing the exploit to find out more, though at first sight it seems to be a flaw in the Jet Engine (msjet40.dll).

A simple Google search (with the name of the mdb file as the query) reveals that it was posted to a public forum on Nabble in February. Although these vulnerabilities allow remote code execution, Microsoft replied that it would not fix these mdb vulnerabilities; it seems the company will not acknowledge vulnerabilities that stem from .mdb files:

"You appear to be reporting an issue with a file type Microsoft
considers to be unsafe. Many programs, such as Internet Explorer and
Outlook, automatically block these files. For more information, please
visit http://support.microsoft.com/kb/925330"

The discovered mdb file has an embedded file, detected by Panda as Trj/Keylogger.DB.

(thanks to Arrizen Perez, malware researcher from PandaLabs, and John Fellers, who sent us the sample)
