TheUS Computer Emergency Readiness Team (US-CERT)has warned that hackers are actively targeting a security
flaw in theMicrosoft Access system.
The government security agency says it is aware of a stack
buffer overflow vulnerability in the way that Microsoft Access
handles specially crafted database files.
Opening a specially crafted
Microsoft Access Database file (".MDB") can cause arbitrary
code execution without requiring any additional user interaction,
said CERT.
As Microsoft Access files are considered to be high-risk, it may
also be possible to execute arbitrary code without using a
vulnerability in Microsoft Access, said CERT.
"US-CERT is aware of active exploitation using malicious
Microsoft Access databases," said the agency.
CERT said users should not open attachments from unsolicited
e-mail messages, and should block high-risk file attachments at
e-mail gateways.