Investigations are currently being conducted as reports of targeted attacks through an unpatched security flaw in Microsoft’s Jet Database Engine has surfaced.

This vulnerability is exploited through a specially crafted Microsoft Word document detected by Trend Micro as TROJ_EMBED.AA. The Word file launches a Microsoft Database (MDB) file detected as TROJ_MSJET.C, which serves as a mail-merge file once the document is opened. At this point the vulnerability is exploited, allowing the Word document to drop a malicious .EXE file on the affected system.

The mentioned Word file also drops files that Trend Micro detects as the following:

TROJ_AGENT.TBS

TROJ_SMALL.EGV

BKDR_DARKMOON.AC

TSPY_KEYLOG.CF

The following sofware are vulnerable to this attack:

Microsoft Word 2000 Service Pack 3

Microsoft Word 2002 Service Pack 3

Microsoft Word 2003 Service Pack 2

Microsoft Word 2003 Service Pack 3

Microsoft Word 2007

Microsoft Word 2007 Service Pack 1 on Microsoft Windows 2000

Windows XP

Windows Server 2003 Service Pack 1

On the other hand, systems running under Windows Server 2003 Service Pack 2, Windows Vista, and Windows Vista Service Pack 1 are not affected by this vulnerability as they include a version of the Microsoft Jet Database Engine that is no longer vulnerable to this issue.

More information regarding this vulnerability can be found on this advisory from Microsoft:

Microsoft Security Advisory (950627)

The Microsoft Jet (Joint Engine Technology) Database Engine is the underlying building block of Microsoft’s databases (collections of information structured in a certain way) allowing the manipulation of relational database via a single interface.

Users are advised to keep their scan engines, applications and operating systems updated and to avoid clicking on attachments in spammed email messages.

ShareThis

Source: http://feeds.trendmicro.com/~r/Anti-MalwareBlog/~3/259250202/