Posted on 10/01/2005 5:34:20 PM PDT by N3WBI3
A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers, security experts have warned.
The malicious code takes advantage of a flaw in Microsoft's Jet Database Engine, a lightweight database used in the company's Office productivity software. The security hole was reported to Microsoft in April, but the company has yet to provide a fix for the problem.
"Microsoft is aware that a Trojan recently released into the wild may be exploiting a publicly reported vulnerability in Microsoft Office," a company representative said in a statement sent via e-mail on Friday. The software maker is investigating the issue and will take "appropriate action," the representative said.
The Trojan horse arrives in the guise of a Microsoft Access file, security software maker Symantec said in an advisory. When run on a vulnerable system, it would give a remote attacker full access to a compromised computer, Symantec said. The company calls the pest "Backdoor.Hesive" and notes that it is not widespread.
Although exploits had already been released in April when HexView publicly reported the flaw, the Trojan is believed to be the first actual threat to take advantage of the security hole. Security monitoring firm Secunia rates the issue "highly critical," one notch below its most serious rating.
"The vulnerability is caused due to a memory handling error when...parsing database files," Secunia said in its April advisory. "This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted '.mdb' file in Microsoft Access."
Symantec advises users to be cautious when opening unknown files. The security software maker lists all recent Windows releases as vulnerable to the Trojan attack.
Techping?
A new Trojan horse exploits an unpatched flaw in Microsoft Office and could let an attacker commandeer vulnerable computers...
Aw geez... wasn't this posted just last week? ;-)
Dupe thread. You were so excited you couldn't even take a second to check.
I'm sure if GE was being honest he would have given you a link to the other thread for your convenience.
Wheres the dupe?
ROFL, the one with the exact same title. Until you learn how to perform a simple search, I'd suggest not creating any more threads.
http://www.freerepublic.com/focus/f-news/1494768/posts
Yep you screwed up all right. How many times is that now? Last time not only was it a dupe, you changed the title to something that was a lie, claiming all support for Windows 2000 was ended. And I unloaded on you so heavy that my account was the one that got suspended. Should have been you, though, since you had not only created another dupe but changed the title to a lie. The other time was when I pointed out English isn't your native language right? Or was it when you admitted you have a baby at home but spend more time on here pushing Linux. I can't remember anymore.
The mod seemed to feel otherwise, then there was the pot shot you took at my family that got your account suspended, then there are the multiple post you have had pulled for being over the line...
I guess the point is why in the heck should I take etiquette advice from someone who has to be suspended and edited by the mods as if he were a seven year old having a tantrum..
Thanks for at least not whining to your mother again this time. Maybe you're finally starting to grow up.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.