A Trojan horse moving through the wild is capable of exploiting a hole in
Office and allowing attackers to override
control of computers, security experts warn.
The malicious code, first identified in April and also known as
“Backdoor.Hesive,” is disguised as a Microsoft Access file, which, once opened
infects .mdb files take advantage of a buffer overflow flaw in Microsoft’s
Jet Database Engine software to seize control of vulnerable machines,
according to security outfit Symantec.
Although the hole was initially reported to Microsoft in April by security firm HexView, Microsoft said it is continuing to investigate the problem.
Redmond said it is aware that the Trojan “may be exploiting a publicly
reported vulnerability in Microsoft Office.”
A spokeswoman for the software maker also said the company would continue to
investigate the issue and, upon completion, “take the appropriate action
to protect our customers, which may include providing a fix through our
monthly release process or a security advisory, depending on customer
“The vulnerability is caused due to a memory-handling error when … parsing
database files. This can be exploited to execute arbitrary code by tricking
a user into opening a specially crafted ‘.mdb’ file in Microsoft Access,”
Secunia said in an advisory five months ago.
Secunia rated the Trojan “highly critical.”