• Total Posts: 43051
  • Total Topics: 16234
  • Online Today: 5014
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)

Author Topic: Microsoft warns of targeted Word attack  (Read 2996 times)

0 Members and 1 Guest are viewing this topic.


  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • - Samker's Computer Forum
Microsoft warns of targeted Word attack
« on: 25. March 2008., 19:51:21 »

Software giant Microsoft warned on Friday that some customers have reported detecting attacks using Microsoft Word and a previously unknown vulnerability in Microsoft's Jet database engine.

The attack uses an e-mail message with two attachments -- a Word file and a Microsoft Jet database file -- although Microsoft is investigating whether other programs could also be used, the company said in a security advisory published on Friday. While the software giant has stated that Microsoft database files (.mdb) should be considered unsafe, and do not execute automatically, under the attack conditions described in the latest attacks the database files does execute, security firm McAfee stated in its research blog.

"Up until recently attackers typically exploited MS Jet DB vulnerabilities through MDB files, and therefore Microsoft stuck to their 'MDB files are unsafe' story -- well, that’s changed," Craig Schmugar, senior antivirus researcher at security firm McAfee, wrote in the post.

Flaws in Microsoft's Office productivity applications have become standard weapons for fraudsters conducting targeted attacks aimed at high-level managers and executives. While ten or fewer high-severity flaws were reported in the five major component applications of Microsoft Office each year from 2002 to 2006, at least 26 high-severity flaws were reported in Office applications last year, according to data from the National Vulnerability Database. Earlier this month, Microsoft patched a dozens flaws in Office applications.

Vulnerabilities in Microsoft Office have been used in industrial espionage and in attacks on government systems.

Microsoft is currently working on producing a patch for the flaw. The company recommended that companies either restrict Microsoft Jet Database from running or block .mdb files from being sent as attachments.

The vulnerability does not affect computers running Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1, the company stated.

(Copyright by SecurityFocus)

Samker's Computer Forum -

Microsoft warns of targeted Word attack
« on: 25. March 2008., 19:51:21 »


With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters)

Enter your email address to receive daily email with ' - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising