RealTime IT News

Trojan Exploits Office

A Trojan horse moving through the wild is capable of exploiting a hole in Microsoft Office and allowing attackers to override control of computers, security experts warn.

The malicious code, first identified in April and also known as "Backdoor.Hesive," is disguised as a Microsoft Access file, which, once opened infects .mdb files take advantage of a buffer overflow flaw in Microsoft's Jet Database Engine software to seize control of vulnerable machines, according to security outfit Symantec.

Although the hole was initially reported to Microsoft in April by security firm HexView, Microsoft said it is continuing to investigate the problem.

Redmond said it is aware that the Trojan "may be exploiting a publicly reported vulnerability in Microsoft Office."

A spokeswoman for the software maker also said the company would continue to investigate the issue and, upon completion, "take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or a security advisory, depending on customer needs."

"The vulnerability is caused due to a memory-handling error when ... parsing database files. This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted '.mdb' file in Microsoft Access," Secunia said in an advisory five months ago.

Secunia rated the Trojan "highly critical."