Database Attacks Confirmed by Microsoft
By Ryan Naraine | Posted 2008-03-25
Email
Print
Attackers are exploiting a buffer overrun vulnerability in the lightweight database that provides data access to Microsoft Access, Visual Basic and third-party applications.
An
unpatched security flaw in Microsoft's Jet Database Engine is being
used to launch targeted attacks against Windows users, according to an advisory from the software vendor.
In fact, proof-of-concept exploit code
targeting multiple Jet database engine flaws has been available on the
Internet since April 2005. The public exploit code affects the same
"msjet40.dll" component referenced in Microsoft's pre-patch advisory. Read the full article at eWEEK.
The attacks, described by Microsoft as "very limited," are exploiting a
buffer overrun vulnerability in the lightweight database that provides
data access to applications such as Microsoft Access, Microsoft Visual
Basic and third-party applications. Technical details on this zero-day vulnerability are not yet available
but it is common knowledge that the Jet DB engine has suffered from
major security issues over the last few years.
Discover Software-Defined Networks
Software-defined networks hold a lot of potential in today’s ...Watch Now
Programming Languages That Pay Big Bucks
SQL is a programming language that's high in demand, thanks to its ...Watch Now
