Microsoft Corporation (NASDAQ: MSFT) has published new information regarding the current JET database vulnerability.
Since attackers are now able to load hostile MDB files through enticing the victim to open a Microsoft® Word document, Microsoft is contemplating a security update that will prompt users before opening an MDB file. Such a feature might, however, break custom applications.
Another security update candidate is the new JET database engine that Microsoft already ships with Windows Server® 2003 SP2, Windows Vista®, and Windows XP SP3 beta.
Regardless, JET database files will still, by design, be able to run script code. Users must therefore consider such files highly unsafe.
Do you have an experience regarding this or other JET database vulnerabilities? Please post your comments!
External links:
- “The case of the MDB attack vector” (Microsoft Security Response Center)
- “Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution” (Microsoft Security Advisory 950627)
- “An overview of unsafe file types in Microsoft products” (support.microsoft.com)
Post a Comment