[ISN] Trojan rides in on unpatched Office flaw

From: InfoSec News (isn@private)
Date: Mon Oct 03 2005 - 05:31:59 PDT


http://news.com.com/Trojan+rides+in+on+unpatched+Office+flaw/2100-1002_3-5886543.html

By Joris Evers 
Staff Writer, CNET News.com
September 30, 2005

A new Trojan horse exploits an unpatched flaw in Microsoft Office and
could let an attacker commandeer vulnerable computers, security
experts have warned.

The malicious code takes advantage of a flaw in Microsoft's Jet
Database Engine, a lightweight database used in the company's Office
productivity software. The security hole was reported to Microsoft in
April, but the company has yet to provide a fix for the problem.

"Microsoft is aware that a Trojan recently released into the wild may
be exploiting a publicly reported vulnerability in Microsoft Office,"  
a company representative said in a statement sent via e-mail on
Friday. The software maker is investigating the issue and will take
"appropriate action," the representative said.
 
Previous Next The Trojan horse arrives in the guise of a Microsoft
Access file, security software maker Symantec said in an advisory.  
When run on a vulnerable system, it would give a remote attacker full
access to a compromised computer, Symantec said. The company calls the
pest "Backdoor.Hesive" and notes that it is not widespread.

Although exploits had already been released in April when HexView
publicly reported the flaw, the Trojan is believed to be the first
actual threat to take advantage of the security hole. Security
monitoring firm Secunia rates the issue "highly critical," one notch
below its most serious rating.

"The vulnerability is caused due to a memory handling error
when...parsing database files," Secunia said in its April advisory.  
"This can be exploited to execute arbitrary code by tricking a user
into opening a specially crafted '.mdb' file in Microsoft Access."

Symantec advises users to be cautious when opening unknown files. The
security software maker lists all recent Windows releases as
vulnerable to the Trojan attack.



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Mon Oct 03 2005 - 05:59:34 PDT