The Neosploit exploit toolkit has been tweaked by its makers to take advantage of a zero-day vulnerability in Microsoft Access.
Symantec Corp. issued a warning Monday that it found attackers using the exploit toolkit to target an ActiveX control error in the Snapshot Viewer for Microsoft Access. The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The toolkit allows attackers to reach a larger number of victims.
The Cupertino, Calif.-based security vendor issued an alert to customers of its DeepSight threat management service after observing exploit attempts via its honeynet. The vendor is maintaining its ThreatCon at level 2.
"Before this event, this exploit was known to be used only in isolated attacks," Symantec said in the alert.
Symantec warned that any computer with Microsoft Access installed is at risk for infection. English versions are being targeted by the Neosploit toolkit. Users can fall victim to an attack by downloading a malicious application into the Windows Startup folder, Symantec said.
Microsoft issued an advisory last week warning customers that it was investigating targeted attacks against a zero-day flaw in the Snapshot Viewer.
The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.
Microsoft's advisory highlighted a workaround until a patch is issued. IT administrators can use a feature in Internet Explorer to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine, the software giant said. To do this the admin must set the kill bit for the control in the registry.
Danish vulnerability clearinghouse Secunia has rated the flaw "extremely critical" in its 30883 advisory.