Microsoft Office Access files targeted for attack


	December 08th, 2008 New version of ReFog Personal Monitor and its review added! more


	January 06th, 2009 Security spending stays strong more Security experts warn against pirated Windows 7 more China vows to clean up the internet more RIAA dumps sleuthing firm more Simple Hack Beats Biometrics more Researchers Hack Into Intel's VPro more Thailand blocks 2,300 websites more Hackers hijack Obama's, Britney's Twitter accounts more

DISCLAIMER: Logging other people's keystrokes or breaking into other people's computer without their permission can be considered illegal by the courts of many countries. The monitoring software reviewed here is ONLY for authorized system administrators and/or owners of computers. We assume no liability and are not responsible for any misuse or damage caused by the keylogging software. The end user of this software is obliged to obey all applicable local, state, federal and other laws in his country of residence.

December 12th, 2007

Microsoft Office Access files targeted for attack

Online criminals are exploiting a flaw in the Microsoft Office Access database to install unauthorized software on computers, the United States Computer Emergency Readiness Team (US-CERT) warned Monday.

In its brief warning, US-CERT offered few details on the attack, saying simply that the organization is ‘aware of active exploitation’ of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims.

These files are ‘designed for the sole purpose of executing commands,’ so they should not be accepted from untrusted sources, Microsoft said in a note on its Web site.

Run by the U.S. Department of Defense, US-CERT is charged with coordinating the nation's response to cyberattacks.

Companies typically block the use of .mdb files, but criminals could be using this attack in a targeted strike against an organization that is known to use this particular file-type, said Ben Greenbaum, senior manager for Symantec security response. Symantec itself has seen no evidence of the .mdb exploitation that prompted the US-CERT alert.

The files are not something that the average user would come across on a daily basis, he added. ‘.Mdb files are blocked by default in most installations of Internet Explorer and Outlook Express,’ he said. ‘I am a bit surprised to see active exploitation happening over this vector.’

While US-CERT did not say which flaw was being exploited, Greenbaum said the vulnerability could be a recently discovered buffer overflow bug in the Microsoft Jet DataBase engine used to parse Access files.

Source: INFOWORLD

	All news for January 06th, 2009:
	15:58	Security spending stays strong
	15:58	Security experts warn against pirated Windows 7
	15:57	China vows to clean up the internet
	15:56	RIAA dumps sleuthing firm
	15:55	Simple Hack Beats Biometrics
	15:54	Researchers Hack Into Intel's VPro
	15:53	Thailand blocks 2,300 websites
	15:52	Hackers hijack Obama's, Britney's Twitter accounts
	All news for January 05th, 2009:
	16:36	Police get new hacking powers
	16:36	VeriSign addresses SSL certificate flaw
	16:35	'Curse of silence' flaw hits smartphones
	16:32	Microsoft tells how it missed critical IE bug
	16:31	Expert: Microsoft made $1.5B on 'Vista Capable' campaign

All news for January, 2009
All news for 2009 year
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year

DONATION: Keylogger.org is an independent research project supported by a team of enthusiasts. If you find this project useful or would like to help foster its continued development please consider making a donation using PayPal`s online secure payment service.

A PayPal account is not required. All major credit cards are accepted (MasterCard/Eurocard, Visa/Delta/Electron, American Express, Switch/Maestro, Solo). Simply click the button below.

Any amount would be useful and appreciated!

Thanks in advance for your support!