Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Recent Posts

  • Calendar

    December 2014
    S M T W T F S
    « Nov    
     123456
    78910111213
    14151617181920
    21222324252627
    28293031  
  • Email Subscription

  • About Us

    Investigations are currently being conducted as reports of targeted attacks through an unpatched security flaw in Microsoft’s Jet Database Engine has surfaced.

    This vulnerability is exploited through a specially crafted Microsoft Word document detected by Trend Micro as TROJ_EMBED.AA. The Word file launches a Microsoft Database (MDB) file detected as TROJ_MSJET.C, which serves as a mail-merge file once the document is opened. At this point the vulnerability is exploited, allowing the Word document to drop a malicious .EXE file on the affected system.

    The mentioned Word file also drops files that Trend Micro detects as the following:

  • TROJ_AGENT.TBS
  • TROJ_SMALL.EGV
  • BKDR_DARKMOON.AC
  • TSPY_KEYLOG.CF
  • The following sofware are vulnerable to this attack:

  • Microsoft Word 2000 Service Pack 3
  • Microsoft Word 2002 Service Pack 3
  • Microsoft Word 2003 Service Pack 2
  • Microsoft Word 2003 Service Pack 3
  • Microsoft Word 2007
  • Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003 Service Pack 1
  • On the other hand, systems running under Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not affected by this vulnerability as they include a version of the Microsoft Jet Database Engine that is no longer vulnerable to this issue.

    More information regarding this vulnerability can be found on this advisory from Microsoft:

  • Microsoft Security Advisory (950627)
  • The Microsoft Jet (Joint Engine Technology) Database Engine is the underlying building block of Microsoft’s databases (collections of information structured in a certain way) allowing the manipulation of relational database via a single interface.

    Users are advised to keep their scan engines, applications and operating systems updated and to avoid clicking on attachments in spammed email messages.





    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   del.icio.us   StumbleUpon






     

    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice