• United States



by Art Jahnke

Trojan Uses Unpatched MS Office Hole

Oct 04, 20052 mins
CSO and CISOData and Information Security

Microsoft Corp. said Monday it is investigating a recently released Trojan horse that targets a hole in its Microsoft Office software suite that was first identified in April.

Symantec Corp. has issued an advisory that the Trojan, named Backdoor.Hesive, can arrive as a Microsoft Access file, exploiting a Microsoft Jet Database Engine buffer overflow. The code can allow an unauthorized user access, Symantec said, allowing an intruder to upload files, modify registry values and get system and network information.

A Microsoft spokeswoman wrote in an e-mail response Monday that the company is encouraging users to be cautious when opening .mdb files from an unknown source. A patch has not been released yet, according to the company.

The Trojan is not widely distributed and can be easily removed, Symantec said. The company rated its damage potential as “medium.”

The flaw in Microsoft Office was first identified in April by HexView, a computer security firm. The vulnerability is caused by a memory handling error when parsing database files, HexView reported. The Trojan can be triggered after a user opens an affected .mdb file in Microsoft Access, according to an advisory issued by Secunia, a security firm, in April.

By Jeremy Kirk, IDG News Service