Hacker toolkit targets Microsoft Access zero-day

By Robert Westervelt, News Editor 14 Jul 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

The Neosploit exploit toolkit has been tweaked by its makers to take advantage of a zero-day vulnerability in Microsoft Access.

SearchSecurity radio:

Symantec Corp. issued a warning Monday that it found attackers using the exploit toolkit to target an ActiveX control error in the Snapshot Viewer for Microsoft Access. The Snapshot Viewer is used to view database report snapshots that are created with any version of Microsoft Access. The toolkit allows attackers to reach a larger number of victims.

The Cupertino, Calif.-based security vendor issued an alert to customers of its DeepSight threat management service after observing exploit attempts via its honeynet. The vendor is maintaining its ThreatCon at level 2.

"Before this event, this exploit was known to be used only in isolated attacks," Symantec said in the alert.

Symantec warned that any computer with Microsoft Access installed is at risk for infection. English versions are being targeted by the Neosploit toolkit. Users can fall victim to an attack by downloading a malicious application into the Windows Startup folder, Symantec said.

Microsoft issued an advisory last week warning customers that it was investigating targeted attacks against a zero-day flaw in the Snapshot Viewer.

The ActiveX control is shipped with all supported versions of Microsoft Office Access except for Microsoft Office Access 2007, according to Microsoft. The vulnerability affects the Snapshot Viewer in Microsoft Office Access 2000, Microsoft Office Access 2002 and Microsoft Office Access 2003.

Microsoft's advisory highlighted a workaround until a patch is issued. IT administrators can use a feature in Internet Explorer to prevent an ActiveX control from ever being loaded by the Internet Explorer HTML-rendering engine, the software giant said. To do this the admin must set the kill bit for the control in the registry.

Danish vulnerability clearinghouse Secunia has rated the flaw "extremely critical" in its 30883 advisory.

Tags: Securing Productivity Applications,  Hacker Tools and Techniques: Underground Sites and Hacking Groups,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Securing Productivity Applications Adobe issues patch fixing month-long PDF zero-day vulnerability Another PDF attack targets Adobe zero-day vulnerability Active PDF attacks target Reader, Acrobat zero-day vulnerability Software piracy group offers cash to whistleblowers How to secure a .pdf file How do hackers bypass a code signing procedure to inject malware Quiz: How to build secure applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Hacker Tools and Techniques: Underground Sites and Hacking Groups Chinese hacker says most are not skilled coders Security researchers continue hunt for Conficker authors Verizon report goes deep inside data breach investigations Russian cybercriminals target H1N1 Swine Flu fears Metasploit Project acquisition ups ante for penetration testing market Successful rogue antivirus hinges on social engineering DEFCON survey suggests hacker community on vacation DoD urges less network anonymity, more PKI use New hacker skills optimize revenue Maturing cybercriminal economy buoyed by business savvy hackers

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary