Average Rating: Rate this article:

Critical Flaw in Microsoft's Office, Access By Elizabeth Millard April 13, 2005 9:48AM     Security firm Secunia has rated the flaw "highly critical" because the exploit code is in the wild. Also, given the wide use of Office and Access -- both by corporations and by home users -- it means there is the possibility that many people could be affected if a malicious hacker chooses to use to the vulnerability.   Related Topics office access windows flaw Latest News Google Buzz Connects Gmail Users Intel Launches Itanium 9300 Series iPhone OS, Android Gain in Q4 Nvidia Auto-Switches Notebook GPU Macworld Focuses on Mobile Apps A flaw has been reported in Microsoft 's Jet database engine, affecting popular software applications Office and Access. Reported by HexView, a security firm, the vulnerability is caused by a memory-handling error that can occur when doing certain tasks like parsing database files. The flaw can be exploited to execute arbitrary code if a user opens a specially formatted file marked with an ".mdb" extension in Microsoft Access. The Jet database is used by applications like Office 2000, Office 2003, Access 2000 and Access 2003. The vulnerability has been confirmed on a fully patched system running Microsoft Access 2003 and Windows XP SP1 and SP2. Other versions might also be affected. Critical Condition Security firm Secunia has rated the flaw "highly critical" because the exploit code is in the wild. Also, given the wide use of Office and Access -- both by corporations and by home users -- it means there is the possibility that many people could be affected if a malicious hacker chooses to use the vulnerability. "People running Office and Access should be concerned," said Secunia researcher Thomas Kristensen. The flaw has the potential to be exploited as well by the .mdb attachment. "It's not a common file that people watch for, like an .exe attachment," Kristensen noted. "So, it's not one that people would suspect as being malicious. And that makes it dangerous." On the Alert HexView noted in news reports that Microsoft was notified of the vulnerability on March 30, but has not acknowledged the flaw yet. Microsoft issued a batch of security fixes for eight product flaws recently as part of its regular patching cycle, but the vulnerability reported by HexView was not among them. It is unclear whether Microsoft will break from its regular patch schedule if it deems the Jet database flaw worthy of attention, but a compelling reason to do so would be the exploit code's existence in the wild. "The code is on a public mailing list," said Kristensen. "That makes the situation different than if a security problem was found in a lab."   Tell Us What You Think Your Comment: Also Visit: iPad Info Center Billions of Bytes Mobile Device Now Apple Info Center TopTechWire.com Advertisement  Software 1.   iPhone OS, Android Gain in Q4 2.   Tips for More Windows 7 Productivity 3.   MS: Russian Pirates Scamming Us 4.   Veteran SAP CEO Abruptly Resigns 5.   Mobile Phone Apps Gaining Ground Oracle, Adobe Patch Vulnerabilities Microsoft's Patch Tuesday very light. Average Rating: Tips for More Windows 7 Productivity Win 7 is chock-full of unsung features. Average Rating: Veteran SAP CEO Abruptly Resigns Cofounder will guide new co-CEOs. Average Rating:

Product Information and Resources for Technology You Can Use To Boost Your Business CRM Systems   Experience CRM—and Business—Success today with Salesforce.com. Data Storage   AT&T Synaptic Storage as a Service. Learn more. Enterprise Hardware   Trade in your old printer and save up to $400.   Find out why now is the best time to buy a new APC Smart-UPS!   HP ProLiant G6 Servers. Perform like a superstar, Save like an accountant. Enterprise I.T.   Tell us what you think. Take a survey.   AT&T Synaptic Storage as a Service. Learn more.   Find out why now is the best time to buy a new APC Smart-UPS!   Stand out from other IS Professionals and increase your earning potential. Enterprise Software   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2. Microsoft/Windows   Read the Top 10 Reasons to Upgrade to Windows Server 2008 R2.

Enterprise Hardware Spotlight

Nvidia Auto-Switches Notebook GPU To Save Battery Life Nvidia has taken the wraps off a notebook technology that chooses the best graphics processor for any given application and automatically routes the workload to Nvidia or Intel processors.   Microsoft Says Battery Woes Not Caused By Windows 7 Battery problems on Windows 7 machines are not caused by the operating system. That's the position of Stephen Sinofsky, head of the Windows division, in a long posting on the Windows engineering blog.   IBM's New POWER7 Servers Save Energy with Big Loads IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."

Enterprise Technology Spotlight

Intel Launches Quad-Core Itanium 9300 Series Processor After two unexpected delays, Intel has launched the Itanium 9300 series, a 64-bit, quad-core processor code-named Tukwila that is expected to double the performance of its predecessor.   Google May Add Facebook, Twitter Links to Gmail Google will reportedly roll more social-networking features into Gmail, the fastest-growing e-mail service. The new features could save users the trouble of switching to Facebook or Twitter.   IBM's New POWER7 Servers Save Energy with Big Loads IBM has unveiled high-capacity servers that are the first to be based on its new, multi-core POWER7 chip. It said the new line is designed "to manage the most demanding emerging applications."

Navigation NewsFactor Network Home/Top News | Enterprise I.T. | Hardware | Software | Communications | Network Security | Wireless Tech | Linux/Open Source Apple/Macintosh | Microsoft/Windows | World Wide Web | Data Storage | E-Commerce | Personal Tech | Tech Trends | Press Releases NewsFactor Network Enterprise I.T. Sites NewsFactor Technology News | Enterprise Security Today | CRM Daily NewsFactor Business and Innovation Sites Sci-Tech Today | NewsFactor Business Report NewsFactor Services FreeNewsFeed | Free Newsletters | Free Whitepapers | About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise Privacy Policy | Terms of Service © Copyright 2000-2010 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo.