Investigations are currently being conducted as reports of targeted attacks through an unpatched security flaw in Microsoft’s Jet Database Engine has surfaced.
This vulnerability is exploited through a specially crafted Microsoft Word document detected by Trend Micro as TROJ_EMBED.AA. The Word file launches a Microsoft Database (MDB) file detected as TROJ_MSJET.C, which serves as a mail-merge file once the document is opened. At this point the vulnerability is exploited, allowing the Word document to drop a malicious .EXE file on the affected system.
The mentioned Word file also drops files that Trend Micro detects as the following:
The following sofware are vulnerable to this attack:
On the other hand, systems running under Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not affected by this vulnerability as they include a version of the Microsoft Jet Database Engine that is no longer vulnerable to this issue.
More information regarding this vulnerability can be found on this advisory from Microsoft:
The Microsoft Jet (Joint Engine Technology) Database Engine is the underlying building block of Microsoft’s databases (collections of information structured in a certain way) allowing the manipulation of relational database via a single interface.
Users are advised to keep their scan engines, applications and operating systems updated and to avoid clicking on attachments in spammed email messages.
Share this article