subscribe: Daily Newsletter

 

Access denied – new MS vulnerability uncovered

0 comments

PandaLabs, Panda Security’s malware detection and analysis laboratory, has discovered a new vulnerability in Microsoft Access. This is a similar security problem to the one discovered a few months back, categorized as CVE-2007-6026. The newly discovered flaw also affects the msjet40.dll library, albeit at a different point.

The problem is exacerbated by the fact that cyber criminals are already actively using this security hole to install malware silently on computers. Specifically, PandaLabs has detected that it is being used to distribute the dangerous Keylogger.DB Trojan, designed to steal confidential data by logging users’ keystrokes.
This security hole is exploited through maliciously-crafted Access files(.mdb), embedded with malicious code.
“Whenever a vulnerability of this type appears, cyber-crooks will try to take full advantage of it,” says Jeremy Matthews, head of Panda Security’s sub-Saharan operations. “We can therefore expect to see more malicious Access files in circulation that contain not only this Trojan, but also other types of threats”.
To avoid falling victim to this security problem, Panda advises users not to open suspicious files received or downloaded from the Internet, and to keep their security solutions up-to-date, especially since there is currently no patch available to resolve this vulnerability.