Vulnerabilities Found In Microsoft Access And HP Laptop Software - InformationWeek
IoT
IoT
Software // Enterprise Applications
News
12/12/2007
01:38 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
RELATED EVENTS
Faster, More Effective Response With Threat Intelligence & Orchestration Playboo
Aug 31, 2017
Finding ways to increase speed, accuracy, and efficiency when responding to threats should be the ...Read More>>

Vulnerabilities Found In Microsoft Access And HP Laptop Software

US-CERT is warning the weaknesses may allow an attacker to execute remote code without additional user interaction.

The United States Computer Emergency Readiness Team (US-CERT) this week issued two warnings about public exploit code.

On Monday, the government security group said that there's a stack buffer overflow vulnerability in the way that Microsoft Access handles Microsoft Access Database (.MDB) files. Opening maliciously crafted .MDB files may allow an attacker to execute remote code without additional user interaction, the group said.

US-CERT didn't provide details beyond stating that the vulnerability was being actively exploited. A proof-of-concept exploit has been available since Nov. 16.

Microsoft considers .MDB files to be unsafe, along with many other file types. "Microsoft customers should be aware that opening unsafe types of files could cause malicious damage to computer systems," the company states in its support documentation. "These files could contain viruses or Trojan horse programs and could be used to alter or to delete information that is stored on the computer. These files could also be used to send information that is stored on a computer to other computers. We recommend that customers only open these types of files after customers verify that the sender is trustworthy and that the sender intentionally sent the file."

Some of the files types Microsoft classifies as unsafe are: program files (*.exe), batch files (*.cmd and *.bat), script files (*.vbs and *.js), Microsoft Access files (*.mdb), and macros in Microsoft Word files (*.doc) or in Microsoft Excel files (*.xls). The Microsoft Access stack buffer overflow vulnerability wasn't among those Microsoft fixed on Dec. 11 in its monthly security patch bulletin.

On Wednesday, US-CERT said it also was aware of reports of a possible vulnerability in the HP Info Center Software found on HP laptops. The group said that the flaw could allow an attacker to execute remote code on the affected laptop or alter the laptop's system registry.

A proof-of-concept exploit for the HP software flaw was posted on Tuesday.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
IT Strategies to Conquer the Cloud
Chances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.
Video
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll