Hackers Exploit Access Database Flaw
In its brief warning, US-CERT offered few details on the attack, saying simply that the organization is "aware of active exploitation" of the problem by criminals who have sent specially crafted Microsoft Access Database (.mdb) files to victims.
Run by the U.S. Department of Defense, US-CERT is charged with coordinating the nation's response to cyberattacks.
Companies typically block the use of .mdb files, but criminals could be using this attack in a targeted strike against an organization that is known to use this particular file-type, said Ben Greenbaum, senior manager for Symantec security response. Symantec itself has seen no evidence of the .mdb exploitation that prompted the US-CERT alert.
The files are not something that the average user would come across on a daily basis, he added. ".Mdb files are blocked by default in most installations of Internet Explorer and Outlook Express," he said. "I am a bit surprised to see active exploitation happening over this vector."
While US-CERT did not say which flaw was being exploited, Greenbaum said the vulnerability could be a recently discovered buffer overflow bug in the Microsoft Jet DataBase engine used to parse Access files.