Vulnerabilities Found In Microsoft Access And HP Laptop SoftwareVulnerabilities Found In Microsoft Access And HP Laptop Software

US-CERT is warning the weaknesses may allow an attacker to execute remote code without additional user interaction.

Thomas Claburn, Editor at Large, Enterprise Mobility

December 12, 2007

2 Min Read
information logo in a gray background | information

The United States Computer Emergency Readiness Team (US-CERT) this week issued two warnings about public exploit code.

On Monday, the government security group said that there's a stack buffer overflow vulnerability in the way that Microsoft Access handles Microsoft Access Database (.MDB) files. Opening maliciously crafted .MDB files may allow an attacker to execute remote code without additional user interaction, the group said.

US-CERT didn't provide details beyond stating that the vulnerability was being actively exploited. A proof-of-concept exploit has been available since Nov. 16.

Microsoft considers .MDB files to be unsafe, along with many other file types. "Microsoft customers should be aware that opening unsafe types of files could cause malicious damage to computer systems," the company states in its support documentation. "These files could contain viruses or Trojan horse programs and could be used to alter or to delete information that is stored on the computer. These files could also be used to send information that is stored on a computer to other computers. We recommend that customers only open these types of files after customers verify that the sender is trustworthy and that the sender intentionally sent the file."

Some of the files types Microsoft classifies as unsafe are: program files (*.exe), batch files (*.cmd and *.bat), script files (*.vbs and *.js), Microsoft Access files (*.mdb), and macros in Microsoft Word files (*.doc) or in Microsoft Excel files (*.xls). The Microsoft Access stack buffer overflow vulnerability wasn't among those Microsoft fixed on Dec. 11 in its monthly security patch bulletin.

On Wednesday, US-CERT said it also was aware of reports of a possible vulnerability in the HP Info Center Software found on HP laptops. The group said that the flaw could allow an attacker to execute remote code on the affected laptop or alter the laptop's system registry.

A proof-of-concept exploit for the HP software flaw was posted on Tuesday.

Read more about:

20072007

About the Author

Thomas Claburn

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, information, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

See more from Thomas Claburn
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports