Home > Information Security News > Hacker toolkit targets Microsoft Access zero-day
Information Security News:
EMAIL THIS LICENSING & REPRINTS

Hacker toolkit targets Microsoft Access zero-day

By Robert Westervelt, News Editor
14 Jul 2008 | SearchSecurity.co.uk

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

The Neosploit exploit toolkit has been tweaked by its makers to take advantage of a zero-day vulnerability in Microsoft Access.

Symantec Corp. issued a warning Monday that it found attackers using the exploit toolkit to target an ActiveX control error in the Snapshot Viewer for Microsoft Access. The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The toolkit allows attackers to reach a larger number of victims.

The Cupertino, Calif.-based security vendor issued an alert to customers of its DeepSight threat management service after observing exploit attempts via its honeynet. The vendor is maintaining its ThreatCon at level 2.

"Before this event, this exploit was known to be used only in isolated attacks," Symantec said in the alert.

Symantec warned that any computer with Microsoft Access installed is at risk for infection. English versions are being targeted by the Neosploit toolkit. Users can fall victim to an attack by downloading a malicious application into the Windows Startup folder, Symantec said.

Microsoft issued an advisory last week warning customers that it was investigating targeted attacks against a zero-day flaw in the Snapshot Viewer.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

Microsoft's advisory highlighted a workaround until a patch is issued. IT administrators can use a feature in Internet Explorer to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine, the software giant said. To do this the admin must set the kill bit for the control in the registry.

Danish vulnerability clearinghouse Secunia has rated the flaw "extremely critical" in its 30883 advisory.



Tags: Web Application SecurityThreat ManagementSecure CodingVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts