Hacker toolkit targets Microsoft Access zero-day

By Robert Westervelt, News Editor 14 Jul 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The Neosploit exploit toolkit has been tweaked by its makers to take advantage of a zero-day vulnerability in Microsoft Access.

SearchSecurity radio:

Symantec Corp. issued a warning Monday that it found attackers using the exploit toolkit to target an ActiveX control error in the Snapshot Viewer for Microsoft Access. The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The toolkit allows attackers to reach a larger number of victims.

The Cupertino, Calif.-based security vendor issued an alert to customers of its DeepSight threat management service after observing exploit attempts via its honeynet. The vendor is maintaining its ThreatCon at level 2.

"Before this event, this exploit was known to be used only in isolated attacks," Symantec said in the alert.

Symantec warned that any computer with Microsoft Access installed is at risk for infection. English versions are being targeted by the Neosploit toolkit. Users can fall victim to an attack by downloading a malicious application into the Windows Startup folder, Symantec said.

Microsoft issued an advisory last week warning customers that it was investigating targeted attacks against a zero-day flaw in the Snapshot Viewer.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

Microsoft's advisory highlighted a workaround until a patch is issued. IT administrators can use a feature in Internet Explorer to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine, the software giant said. To do this the admin must set the kill bit for the control in the registry.

Danish vulnerability clearinghouse Secunia has rated the flaw "extremely critical" in its 30883 advisory.

Tags: Securing Productivity Applications,  Hacker Tools and Techniques: Underground Sites and Hacking Groups,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Adobe fixes critical Shockwave Flash Player flaw Adobe issues first quarterly patch release fixing 13 flaws Adobe shifts to Microsoft patching process, incident response plan Balancing security and performance: Protecting layer 7 on the network Software Piracy pandemic needs government role, better vendor antipiracy plans McAfee to acquire Solidcore Systems for whitelisting Adobe issues Reader update fixing zero-day flaw Microsoft to patch critical PowerPoint zero-day flaw PCI DSS: Best practices for compliance Adobe working on patch to correct new zero-day flaw Hacker Tools and Techniques: Underground Sites and Hacking Groups Juniper pulls ATM hacking presentation from Black Hat Botnet platform helps cybercriminals bid for zombie PCs Man pleads guilty in online banking hacking scam ATM malware lets attackers take over machines The failing war against cybercriminals Hacker attack techniques and tactics: Understanding hacking strategies The Pipe Dream of No More Free Bugs Government needs a plan to limit Web usage during a security crisis Mobile phones win during Pwn2Own contest Black Hat DC 2009: Joanna Rutkowska on Intel TXT flaws

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary