Hackers turn Microsoft Office flaw into full-blown exploit


Hackers turn Microsoft Office flaw into full-blown exploit

Antony Savvas

Microsoft is contending with a new Trojan exploit in its Office collaborative software suite that could allow remote attackers to take over vulnerable computers.

The exploit takes advantage of a flaw in Microsoft's Jet database engine, which is a lightweight database used in the company's Office software.

Microsoft has known of the potential problem since April but the Trojan now circulating on the internet is the first real exploit of the flaw.

Microsoft says it is aware of the exploit and is considering whether it warrants a separate security patch.

The Trojan is sent to potential victims as a Microsoft Access file. Should this file be run by users, it would give remote attackers control of infected machines, said security software company Symantec.

Secunia, another internet security firm, said the flaw was "highly critical". Secunia said the problem related to a memory handling error when parsing database .mdb files in Microsoft Access.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy